
Woocommerce - PDF Invoice Exposure

By kannthu

Medium
Vidoc Module
#wordpress#listing#exposure#woocommerce
Description

What is "Woocommerce - PDF Invoice Exposure?"

The "Woocommerce - PDF Invoice Exposure" module detects a misconfiguration on WordPress sites that use WooCommerce with PDF invoicing: directory listing is enabled for "/wp-content/uploads/pdf-invoices/", the folder where generated invoice PDFs are stored. Because the folder sits under the web root and needs no authentication, a remote unauthenticated attacker can list and download the invoices and any other files kept there. The severity of this exposure is classified as medium.

This module was authored by mohammedsaneem and sec_hawk.

Impact

If exploited, this exposure gives an attacker unauthenticated access to the company's invoices, which typically contain customer names, billing addresses and order details, and potentially to other files stored in the same directory. This can result in data breaches, financial loss, and reputational damage for the affected organization.

How does the module work?

The "Woocommerce - PDF Invoice Exposure" module sends a single HTTP GET request to the "/wp-content/uploads/pdf-invoices/" path on the target website and analyzes the response.

The module uses two matching conditions to identify the vulnerability:

- The first condition checks that the response body contains all of the following words: "Index of /wp-content/uploads/pdf-invoices", "Parent Directory", and ".pdf".
- The second condition checks that the response status code is 200.

If both conditions are met, the module reports a vulnerability, indicating that the target website is exposing PDF invoices and potentially other sensitive information.
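The matching logic described above, written out as an added example in Python and run over constructed sample responses. This is not Vidoc's own code: the helper names (check_pdf_invoice_listing, exposed_pdfs, scan), the User-Agent string and the sample HTML are assumptions made for illustration. The example also shows two cases a practitioner should keep in mind: a WordPress "soft 404" that answers 200 without a listing, and an nginx autoindex page, which the module's word conditions do not match because nginx prints "../" rather than "Parent Directory".

```python
"""Added example: re-implementation of the module's two matching conditions.
Not Vidoc's code; helper names and sample responses are assumptions."""
import re
import urllib.error
import urllib.request

TARGET_PATH = "/wp-content/uploads/pdf-invoices/"

# The three words the module requires in the body (all must be present).
REQUIRED_WORDS = (
    "Index of /wp-content/uploads/pdf-invoices",
    "Parent Directory",
    ".pdf",
)


def check_pdf_invoice_listing(status, body):
    """True only when both module conditions hold:
    status code 200 AND every required word appears in the body."""
    if status != 200:
        return False
    return all(word in body for word in REQUIRED_WORDS)


def exposed_pdfs(body):
    """Extract the .pdf link targets from a listing page so a report can
    say which invoices were exposed, not only that the listing was open."""
    return sorted(set(re.findall(r'href="([^"]+\.pdf)"', body, re.IGNORECASE)))


def scan(base_url, timeout=10):
    """Fetch TARGET_PATH from base_url and apply the matcher.
    Returns (vulnerable, status, pdf_names). A 403 (listing disabled) or a
    network error counts as not vulnerable."""
    url = base_url.rstrip("/") + TARGET_PATH
    req = urllib.request.Request(
        url, headers={"User-Agent": "pdf-invoice-exposure-check"}  # assumed UA
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as e:
        status, body = e.code, e.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError):
        return False, None, []
    hit = check_pdf_invoice_listing(status, body)
    return hit, status, (exposed_pdfs(body) if hit else [])


# Constructed sample responses (not captured from any real site).
APACHE_LISTING = """<html><head><title>Index of /wp-content/uploads/pdf-invoices</title></head>
<body><h1>Index of /wp-content/uploads/pdf-invoices</h1>
<a href="/wp-content/uploads/">Parent Directory</a>
<a href="invoice-1001.pdf">invoice-1001.pdf</a>
<a href="invoice-1002.pdf">invoice-1002.pdf</a>
</body></html>"""

# A WordPress "soft 404": the theme answers 200, but it is not a listing.
SOFT_404 = """<html><body><h1>Page not found</h1>
<p>Sorry, no invoice.pdf could be found here.</p></body></html>"""

# nginx autoindex output: same "Index of" title, but "../" instead of
# "Parent Directory", so the module's conditions miss this listing.
NGINX_LISTING = """<html><head><title>Index of /wp-content/uploads/pdf-invoices/</title></head>
<body><h1>Index of /wp-content/uploads/pdf-invoices/</h1><hr><pre>
<a href="../">../</a>
<a href="invoice-1001.pdf">invoice-1001.pdf</a>
</pre><hr></body></html>"""

if __name__ == "__main__":
    print("apache listing:", check_pdf_invoice_listing(200, APACHE_LISTING),
          exposed_pdfs(APACHE_LISTING))
    print("soft 404:", check_pdf_invoice_listing(200, SOFT_404))
    print("listing but 403:", check_pdf_invoice_listing(403, APACHE_LISTING))
    print("nginx listing:", check_pdf_invoice_listing(200, NGINX_LISTING))
```

Two practical notes follow from the samples. First, the 200 check matters: an Apache host with `Options -Indexes` set for the uploads directory answers 403 and correctly fails the match even though the folder still exists. Second, the "Parent Directory" word is Apache-specific, so a site served by nginx with autoindex on is a false negative for this module; if you adapt the check, match on the "Index of /wp-content/uploads/pdf-invoices" title plus at least one ".pdf" link instead.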

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/uploads/...
Matching conditions
word: Index of /wp-content/uploads/pdf-invoice... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability