
WordPress DB Backup

By kannthu

Medium
Vidoc Module
#wordpress #backups
Description

What is the "WordPress DB Backup" module?

The "WordPress DB Backup" module is designed to detect misconfigurations in WordPress websites that may expose sensitive database backups. It targets WordPress sites and checks for the presence of a specific directory that contains database backup files.

Impact

If a misconfiguration is detected, it could potentially expose sensitive database backups to unauthorized access. This could lead to the compromise of sensitive information, such as user data, login credentials, or other confidential data stored in the WordPress database.

How does the module work?

The "WordPress DB Backup" module works by sending a GET request to the "/wp-content/backup-db/" path on the target WordPress site. It then applies matching conditions to determine if a misconfiguration is present.

The module checks for two specific conditions:

    - The response body contains both the string "Index of /" and the string ".sql\">" (that is, .sql followed by a closing quote and angle bracket, the tail of an anchor such as <a href="backup.sql">). This indicates that an auto-generated directory listing of the backup directory is accessible and links to at least one .sql file.
    - The response status code is 200, indicating a successful request.

If both conditions are met, the module flags the WordPress site as potentially vulnerable to exposing sensitive database backups.
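The two matching conditions above, re-implemented as a plain function and run over constructed sample responses so the verdict logic can be checked offline. This is an added example, not Vidoc's own code; the Response class, the listing_body() helper and every response body are constructed for the example and were not captured from any real site.

```python
# Added example (not Vidoc's own code): re-implements the two matching
# conditions the module description gives and evaluates them over
# constructed sample responses.
from dataclasses import dataclass


@dataclass
class Response:
    """Minimal stand-in for an HTTP response: status code and body text."""
    status: int
    body: str


# Both words must occur in the body. '.sql">' is the tail of an anchor such
# as <a href="site-backup.sql"> in an auto-generated directory listing.
REQUIRED_WORDS = ("Index of /", '.sql">')


def matches_backup_listing(resp: Response) -> bool:
    """True when the body contains every required word AND the status is 200."""
    words_present = all(word in resp.body for word in REQUIRED_WORDS)
    return words_present and resp.status == 200


def listing_body(entries):
    """Build a constructed Apache-style autoindex page for /wp-content/backup-db/."""
    items = "".join(f'<li><a href="{name}">{name}</a></li>' for name in entries)
    return (
        "<html><head><title>Index of /wp-content/backup-db/</title></head>"
        "<body><h1>Index of /wp-content/backup-db/</h1>"
        f'<ul><li><a href="../">Parent Directory</a></li>{items}</ul></body></html>'
    )


# Constructed cases: none of these bodies come from a real site.
SAMPLE_RESPONSES = {
    # Listing enabled and a plain .sql dump present: the module reports this.
    "exposed_sql_dump": Response(200, listing_body(["wp-db-2024-01-05.sql"])),
    # Directory listing disabled on the server: nothing to match on.
    "listing_disabled": Response(403, "<html><body><h1>Forbidden</h1></body></html>"),
    # The path does not exist at all.
    "not_found": Response(404, "<html><body><h1>Not Found</h1></body></html>"),
    # Soft 404: status 200 with a theme page, but no directory listing.
    "soft_404": Response(200, "<html><body>Oops! That page can't be found.</body></html>"),
    # Listing enabled, but the dumps are gzipped: '.sql.gz">' does not contain
    # the literal '.sql">', so the module stays silent although backups are exposed.
    "exposed_gzipped_dump": Response(200, listing_body(["wp-db-2024-01-05.sql.gz"])),
}


def evaluate_cases(cases=SAMPLE_RESPONSES):
    """Map each case name to the module's verdict for that response."""
    return {name: matches_backup_listing(resp) for name, resp in cases.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_cases().items():
        print(f"{name:22s} -> {'REPORT' if verdict else 'no match'}")
```

The last case is the one worth noting when reading scan results: the word matcher is a literal substring test, so a listing that only links compressed dumps (.sql.gz, .sql.zip) produces no finding even though the backups are just as reachable. A clean result from this module is therefore not proof that no database dumps are exposed. The fix on the server side is the same in either case: turn off directory listing for the directory (on Apache, Options -Indexes in the vhost configuration or .htaccess) and move backups outside the web root.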

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/backup-d...
Matching conditions
word: Index of /, .sql"> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability