Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress DB Backup

By kannthu

Vidoc logoVidoc Module

What is the "WordPress DB Backup?"

The "WordPress DB Backup" module is designed to detect misconfigurations in WordPress websites that may expose sensitive database backups. It targets WordPress sites and checks for the presence of a specific directory that contains database backup files.


If a misconfiguration is detected, it could potentially expose sensitive database backups to unauthorized access. This could lead to the compromise of sensitive information, such as user data, login credentials, or other confidential data stored in the WordPress database.

How the module works?

The "WordPress DB Backup" module works by sending a GET request to the "/wp-content/backup-db/" path on the target WordPress site. It then applies matching conditions to determine if a misconfiguration is present.

The module checks for two specific conditions:

    - The response body contains the words "Index of /" and ".sql\">". This indicates that the directory listing of the backup database files is accessible. - The response status code is 200, indicating a successful request.

If both conditions are met, the module flags the WordPress site as potentially vulnerable to exposing sensitive database backups.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Index of /, .sql">and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability