Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress 123ContactForm Plugin Directory Listing

By kannthu

Informative
Vidoc logoVidoc Module
#wordpress#listing#plugin#edb
Description

What is the "WordPress 123ContactForm Plugin Directory Listing?"

The "WordPress 123ContactForm Plugin Directory Listing" module is designed to detect sensitive directories present in the 123contactform-for-wordpress plugin. This plugin is used in WordPress websites to integrate contact forms created with 123ContactForm. The module focuses on identifying potential misconfigurations or vulnerabilities in the plugin.

This module has an informative severity level, which means it provides valuable information but does not pose an immediate threat to the security of the website.

This module was authored by pussycat0x.

Impact

The impact of the "WordPress 123ContactForm Plugin Directory Listing" module is primarily informational. It helps website owners and administrators identify potential security weaknesses in the 123contactform-for-wordpress plugin. By detecting sensitive directories, it allows them to take appropriate actions to secure their websites and protect sensitive data.

How does the module work?

The "WordPress 123ContactForm Plugin Directory Listing" module works by sending HTTP requests to the "/wp-content/plugins/123contactform-for-wordpress/" path of the target website. It then applies matching conditions to determine if the response indicates the presence of sensitive directories.

An example of a matching condition is checking if the response contains the words "Index of" and "/123contactform-for-wordpress". Additionally, the module verifies that the HTTP response status is 200, indicating a successful request.

By analyzing the responses and matching conditions, the module can identify potential misconfigurations or vulnerabilities in the 123contactform-for-wordpress plugin.

Reference: - Critical Vulnerabilities in 123ContactForm for WordPress Plugin - Exploit Database - 123ContactForm for WordPress Plugin

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-content/plugins/...
Matching conditions
word: Index of, /123contactform-for-wordpressand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability