2021-07-28 23:56:51 +05:30
id : wordpress-upload-data
2021-07-30 02:36:18 +05:30
2021-07-28 23:56:51 +05:30
info :
name : wordpress-upload-data
author : pussycat0x
severity : medium
2021-10-26 12:35:56 +03:00
description : The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
2021-07-28 23:56:51 +05:30
reference : https://www.exploit-db.com/ghdb/7040
tags : wordpress,listing
2021-07-30 02:36:18 +05:30
2021-07-28 23:56:51 +05:30
requests :
- method : GET
path :
- "{{BaseURL}}/wp-content/uploads/data.txt"
2021-07-29 00:09:11 +05:30
2021-07-28 23:56:51 +05:30
matchers-condition : and
matchers :
- type : word
words :
2021-07-30 02:36:18 +05:30
- "admin:"
2021-07-29 00:09:11 +05:30
- type : word
part : header
words :
2021-07-30 02:36:18 +05:30
- "text/plain"
2021-07-29 00:09:11 +05:30
2021-07-28 23:56:51 +05:30
- type : status
status :
2021-07-29 00:09:11 +05:30
- 200
