mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-02 08:43:27 +08:00
40 lines
1.5 KiB
YAML
40 lines
1.5 KiB
YAML
id: wordpress-wp-cron
|
|
|
|
info:
|
|
name: Wordpress wp-cron.php DOS
|
|
author: pathtaga
|
|
severity: info
|
|
description: When this file is accessed a heavy MySQL query is performed, so it could be used by attackers to cause a DoS.
|
|
reference:
|
|
- https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/wordpress.html
|
|
- https://medium.com/@thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30
|
|
metadata:
|
|
max-request: 2
|
|
tags: wordpress,cron,wp,dos,vuln
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
- "{{BaseURL}}/wp-cron.php"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- (regex("<link[^>]+s\d+\.wp\.com",body_1))
|
|
- (regex("<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -",body_1))
|
|
- (regex("<!--[^>]+WP-Super-Cache",body_1))
|
|
- contains(body_1, "/wp-content/themes/")
|
|
- contains(body_1, "/wp-includes/")
|
|
- contains(body_1, 'name=\"generator\" content=\"wordpress')
|
|
- contains(body_1, '<!-- performance optimized by w3 total cache.')
|
|
condition: or
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- "len(body_2) == 0"
|
|
- "status_code_2 == 200"
|
|
- "contains(content_type_2, 'text/html')"
|
|
condition: and
|
|
# digest: 490a00463044022059555ff73acaa0da74ad64802d63abb19fbf51d300b4229df2a36c5a4a4da71c02203238f2f89bfe5620acc40ec2f02b044b0315a83a83db45305239953e73667b41:922c64590222798bb761d5b6d8e72950 |