漏洞描述
WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
wordpress-accessible-wpconfig: WordPress wp-config Detection
PoC代码[已公开]
id: wordpress-accessible-wpconfig
info:
name: WordPress wp-config Detection
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugal,mastercho,c4sper0
severity: high
description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 32
tags: wordpress,backup,vuln
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/wp-config.php"
- "/.wp-config.php.swp"
- "/wp-config-sample.php"
- "/wp-config.inc"
- "/wp-config.old"
- "/wp-config.txt"
- "/wp-config.php.txt"
- "/wp-config.php.bak"
- "/wp-config.php.BAK"
- "/wp-config.php.old"
- "/wp-config.php.OLD"
- "/wp-config.php.dist"
- "/wp-config.php.inc"
- "/wp-config.php.swp"
- "/wp-config.php.html"
- "/wp-config-backup.txt"
- "/wp-config.php.save"
- "/wp-config.php.SAVE"
- "/wp-config.php~"
- "/wp-config.php-backup"
- "/wp-config.php.orig"
- "/wp-config.php_orig"
- "/wp-config.php.original"
- "/wp-config.backup"
- "/_wpeprivate/config.json"
- "/config.php.zip"
- "/config.php.tar.gz"
- "/config.php.new"
- "/common/config.php.new"
- "/wp-config.php.bk"
- "/home/{{DN}}WORDPRESS.txt"
- "/home/{{DN}}-WORDPRESS.txt"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: word
part: body
words:
- "DBNAME"
- "PASSWORD"
condition: and
- type: word
part: body
words:
- "DB_USERNAME"
- "DB_PASSWORD"
condition: and
# digest: 4b0a00483046022100944eda6fabca2de8243af6f8f09b0f5cbeb9cf521e2b110770d83435d4da3fd8022100feb96452becdbd8dbc910db8a43fbf608e2056757118ea41ad9cce2692a4332a:922c64590222798bb761d5b6d8e72950