漏洞描述
Searches for sensitive directories present in the mstore-api plugin.
wp-mstore-plugin-listing: Wordpress Plugin MStore API
PoC代码[已公开]
id: wp-mstore-plugin-listing
info:
name: Wordpress Plugin MStore API
author: pussycat0x
severity: low
description: Searches for sensitive directories present in the mstore-api plugin.
classification:
cpe: cpe:2.3:a:inspireui:mstore_api:*:*:*:*:wordpress:*:*:*
metadata:
max-request: 1
vendor: inspireui
product: mstore_api
google-query: inurl:/wp-content/plugins/mstore-api/
tags: wordpress,listing,wp-plugin,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mstore-api/"
matchers-condition: and
matchers:
- type: word
words:
- "Index of"
- "/wp-content/plugins/mstore-api"
condition: and
- type: status
status:
- 200
# digest: 4b0a0048304602210085204ed2743770e0a160fcc163a5d9af319e7615431987fbb8d49b7842a07620022100b40c30c930f2be5c1fc78c23bd897b5a3f67e123d88ab39d067a5df48a78d559:922c64590222798bb761d5b6d8e72950