admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-02 00:33:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/http/vulnerabilities/wordpress/wp-full-path-disclosure.yaml
ghost 5f08fc26d3 chore: sign templates 🤖
2024-12-01 13:57:55 +00:00

25 lines
918 B
YAML
Raw Blame History

id: wp-full-path-disclosure
info:
name: Wordpress - Path Disclosure
author: arcc
severity: info
description: Wordpress internal file system path of a WordPress installation is exposed or disclosed to unauthorized users.
reference:
- https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files
- https://core.trac.wordpress.org/ticket/38317
metadata:
max-request: 1
tags: debug,wordpress,fpd
http:
- method: GET
path:
- "{{BaseURL}}/wp-includes/rss-functions.php"
matchers:
- type: word
words:
- 'Call to undefined function _deprecated_file()'
part: body
# digest: 4b0a00483046022100c37746adf02741b253629d0c366359bdeac6de7fa8b5bd56a2f8c972b3772849022100b7b5bd4b990aff9a5a733ca9b641adab53ba87ae866316ac86fc76edb1890ad3:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink