Wordpress directory listing

What is the "Wordpress directory listing?"

The "Wordpress directory listing" module is designed to detect misconfigurations in Wordpress installations that may lead to directory listing vulnerabilities. It specifically targets Wordpress websites and aims to identify instances where sensitive directories, such as "/wp-content/uploads/", "/wp-content/themes/", "/wp-content/plugins/", and "/wp-includes/", are accessible and display an "Index of /" page.

This module has an informative severity level, meaning it provides valuable information about potential vulnerabilities or misconfigurations without posing an immediate threat.

This module was authored by Manas_Harsh.

Impact

If the "Wordpress directory listing" module detects a directory listing vulnerability, it indicates that an attacker may be able to access sensitive files and directories on the Wordpress website. This can potentially expose confidential information, such as source code, configuration files, or user data, to unauthorized individuals.

How does the module work?

The "Wordpress directory listing" module works by sending HTTP requests to specific directories commonly found in Wordpress installations. It checks for two matching conditions:

- Status: The module expects a response with a status code of 200, indicating that the directory exists and is accessible. - Content: The module looks for the presence of the phrase "Index of /" in the response body, which suggests that the directory is configured to display its contents.

If both conditions are met, the module flags the directory as vulnerable to directory listing.

Here is an example of an HTTP request sent by the module:

GET /wp-content/uploads/ HTTP/1.1
Host: example.com

The module then analyzes the response to determine if the matching conditions are satisfied.