WordPress DB Backup

By kannthu

Medium
Vidoc Module
#wordpress #backup
Description

What is the "WordPress DB Backup" module?

The "WordPress DB Backup" module is a test case designed to detect a misconfiguration in how WordPress database backups are stored: it targets WordPress websites that keep database backups under a predictable directory and serve a directory listing for it. The severity of this module is classified as medium.

This module was authored by Suman_Kar.

Impact

If the module detects a misconfiguration or vulnerability, it indicates that the WordPress database backups are accessible through the website. This could potentially expose sensitive information, such as database credentials or sensitive data stored in the backups, to unauthorized users.

How does the module work?

The "WordPress DB Backup" module works by sending a GET request to the "/wp-content/uploads/database-backups/" directory on the target WordPress website. It then applies matching conditions to determine if the directory listing of the backups is exposed and if the HTTP response status is 200 (OK).

The matching conditions used by the module are:

- The response body must contain all of the following words: "Index of /", "wp-content/uploads/database-backups", and ".sql".
- The HTTP response status must be 200 (OK).

If both matching conditions are met, the module reports a potential vulnerability or misconfiguration.
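The two conditions above, re-implemented offline so the decision logic can be exercised against constructed responses. This is an added example, not the module's own source: the `HttpResponse` and `Finding` classes, the sample bodies, and the `.sql` evidence extraction are assumptions made here for illustration, while the request path and the required words are taken from the description. The hardened case (directory indexes disabled, server answers 403) and the "soft 404" case (status 200 but no listing) show why both conditions are ANDed rather than relying on the status alone.

```python
"""Offline model of the "WordPress DB Backup" matching conditions.

Added example, not the Vidoc module's own source. It re-implements the two
conditions listed in the description (required words in the body AND HTTP
status 200) so they can be checked against constructed responses with no
network traffic.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Path the module requests, as stated in the description.
BACKUP_PATH = "/wp-content/uploads/database-backups/"

# Words that must all appear in the response body (from the description).
REQUIRED_WORDS = ("Index of /", "wp-content/uploads/database-backups", ".sql")


@dataclass
class HttpResponse:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: str


@dataclass
class Finding:
    """What the module would report when both conditions hold."""
    path: str
    severity: str = "medium"
    evidence: List[str] = field(default_factory=list)


def body_has_required_words(body: str) -> bool:
    """Condition 1: every required word is present (plain, case-sensitive substring match)."""
    return all(word in body for word in REQUIRED_WORDS)


def status_is_ok(status: int) -> bool:
    """Condition 2: the response status is 200."""
    return status == 200


def evaluate(resp: HttpResponse) -> Optional[Finding]:
    """Apply both conditions with AND semantics; return a Finding only when both hold."""
    if not (body_has_required_words(resp.body) and status_is_ok(resp.status)):
        return None
    # Evidence extraction is an assumption of this example, not something the
    # module description states: collect the .sql file names from the listing.
    evidence = sorted(set(re.findall(r'href="([^"]*\.sql)"', resp.body)))
    return Finding(path=BACKUP_PATH, evidence=evidence)


# Constructed sample responses (not captured from any real site).

# Exposed autoindex listing with a backup file in it: both conditions hold.
EXPOSED_LISTING = HttpResponse(200, """<html><head>
<title>Index of /wp-content/uploads/database-backups</title></head>
<body><h1>Index of /wp-content/uploads/database-backups</h1>
<a href="../">Parent Directory</a>
<a href="wp_backup-2024-01-01.sql">wp_backup-2024-01-01.sql</a>
<a href="index.php">index.php</a>
</body></html>""")

# Same directory with indexes disabled: the server answers 403 and no listing is sent.
LISTING_DISABLED = HttpResponse(403, "<html><body><h1>Forbidden</h1></body></html>")

# "Soft 404": status 200 but the body is the theme's not-found page, so the word check fails.
SOFT_404 = HttpResponse(200, "<html><body><h1>Page not found</h1></body></html>")

# Listing is exposed but holds no .sql file: the third required word is missing, no finding.
EMPTY_LISTING = HttpResponse(
    200,
    '<h1>Index of /wp-content/uploads/database-backups</h1><a href="../">Parent Directory</a>',
)


if __name__ == "__main__":
    samples = [
        ("exposed listing", EXPOSED_LISTING),
        ("indexes disabled", LISTING_DISABLED),
        ("soft 404", SOFT_404),
        ("empty listing", EMPTY_LISTING),
    ]
    for name, resp in samples:
        print(f"{name}: {evaluate(resp)}")
```

Only the first sample produces a finding; the 403 case is what a correctly hardened server returns for the same path, and the two status-200 cases show that a status check alone would over-report.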

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/uploads/...
Matching conditions
word: Index of /, wp-content/uploads/database-... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability