By kannthu
The "WordPress DB Backup" module is a test case designed to detect misconfigurations or vulnerabilities related to the WordPress database backup functionality. It targets WordPress websites that have a specific directory structure for storing database backups. The severity of this module is classified as medium.
This module was authored by Suman_Kar.
If the module detects a misconfiguration or vulnerability, it indicates that the WordPress database backups are accessible through the website. This could potentially expose sensitive information, such as database credentials or sensitive data stored in the backups, to unauthorized users.
The "WordPress DB Backup" module works by sending a GET request to the "/wp-content/uploads/database-backups/" directory on the target WordPress website. It then applies matching conditions to determine if the directory listing of the backups is exposed and if the HTTP response status is 200 (OK).
The matching conditions used by the module are:
- The response body must contain the following words: "Index of /", "wp-content/uploads/database-backups", and ".sql".
- The HTTP response status must be 200 (OK).

If both matching conditions are met, the module reports a potential vulnerability or misconfiguration.
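The two matching conditions above, written as an added Python example (not the module's own code) that a site owner can run over a response saved from their own site. It goes one step beyond the module by listing the `.sql` files linked from an exposed index so they can be removed; the function names and sample responses are constructed for illustration, and the word match is assumed to be case-sensitive.

```python
from html.parser import HTMLParser

BACKUP_PATH = "/wp-content/uploads/database-backups/"  # path named in the module description
REQUIRED_WORDS = ("Index of /", "wp-content/uploads/database-backups", ".sql")


class _LinkCollector(HTMLParser):
    """Collects href values from the anchors of a directory index page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def listing_exposed(status, body):
    """Both matchers must hold: status 200 AND every required word in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def exposed_dumps(status, body):
    """Return the .sql files linked from an exposed listing (empty if not exposed)."""
    if not listing_exposed(status, body):
        return []
    parser = _LinkCollector()
    parser.feed(body)
    return sorted(h for h in parser.hrefs if h.lower().split("?")[0].endswith(".sql"))


# Constructed sample responses (not captured from any real site).
EXPOSED = (
    "<html><head><title>Index of /wp-content/uploads/database-backups</title></head>"
    "<body><h1>Index of /wp-content/uploads/database-backups</h1>"
    '<a href="../">Parent Directory</a>'
    '<a href="example_backup_1.sql">example_backup_1.sql</a>'
    '<a href="example_backup_2.sql">example_backup_2.sql</a></body></html>'
)
FORBIDDEN = "<html><body><h1>403 Forbidden</h1></body></html>"
# A 200 page that echoes the path but is not a listing: must not match.
SOFT_404 = "<html><body>Page not found: /wp-content/uploads/database-backups/</body></html>"

if __name__ == "__main__":
    for name, status, body in [("exposed", 200, EXPOSED), ("forbidden", 403, FORBIDDEN),
                               ("soft-404", 200, SOFT_404)]:
        print(name, listing_exposed(status, body), exposed_dumps(status, body))
```

Requiring all three words together with the 200 status is what keeps a custom "not found" page that merely echoes the requested path from being reported.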