http/vulnerabilities/wordpress/wordpress-directory-listing.yaml

id: wordpress-directory-listing

info:
  name: Wordpress directory listing
  author: Manas_Harsh
  severity: info
  description: Directory listing enabled in wordpress.
  metadata:
    max-request: 4
  tags: wordpress

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/"
      - "{{BaseURL}}/wp-content/themes/"
      - "{{BaseURL}}/wp-content/plugins/"
      - "{{BaseURL}}/wp-includes/"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "Index of /"
# digest: 4b0a00483046022100c34cc0503c1b876f71aa6bbc5cf43871d74dc65394d81efaa6efe7998f080461022100e5c4777fee3c4554dfcff506980b3a549094d15b4659ef8c2ce3993395af550b:922c64590222798bb761d5b6d8e72950
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30			`id: wordpress-directory-listing`

			`info:`
			`name: Wordpress directory listing`
			`author: Manas_Harsh`
uniform severity update 2020-08-04 03:22:00 +05:30			`severity: info`
Updated descriptions of templates 2024-01-02 21:15:12 +05:30			`description: Directory listing enabled in wordpress.`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
			`max-request: 4`
templateman update 2023-10-14 16:57:55 +05:30			`tags: wordpress`
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-content/uploads/"`
Update wordpress-directory-listing.yaml Add other paths susceptible to directory listing. 2020-08-30 12:03:04 -03:00			`- "{{BaseURL}}/wp-content/themes/"`
			`- "{{BaseURL}}/wp-content/plugins/"`
			`- "{{BaseURL}}/wp-includes/"`
generic improvements 2021-07-24 00:06:13 +05:30
Fixed default condition OR to AND in false-positives 2020-07-08 17:08:57 +05:30			`matchers-condition: and`
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30			`matchers:`
			`- type: status`
			`status:`
			`- 200`
generic improvements 2021-07-24 00:06:13 +05:30
adding wordpress-directory-listing 2020-06-30 17:06:10 +05:30			`- type: word`
			`words:`
generic improvements 2021-07-24 00:06:13 +05:30			`- "Index of /"`
chore: sign templates 🤖 2024-12-01 13:57:55 +00:00			`# digest: 4b0a00483046022100c34cc0503c1b876f71aa6bbc5cf43871d74dc65394d81efaa6efe7998f080461022100e5c4777fee3c4554dfcff506980b3a549094d15b4659ef8c2ce3993395af550b:922c64590222798bb761d5b6d8e72950`