By kannthu
The "Wordpress directory listing" module detects misconfigurations in WordPress installations that lead to directory listing. It targets WordPress websites and identifies instances where sensitive directories, such as "/wp-content/uploads/", "/wp-content/themes/", "/wp-content/plugins/", and "/wp-includes/", are accessible and display an "Index of /" page.
This module has an informative severity level, meaning it provides valuable information about potential vulnerabilities or misconfigurations without posing an immediate threat.
This module was authored by Manas_Harsh.
If the "Wordpress directory listing" module detects a directory listing vulnerability, it indicates that an attacker may be able to access sensitive files and directories on the WordPress website. This can potentially expose confidential information, such as source code, configuration files, or user data, to unauthorized individuals.
The "Wordpress directory listing" module works by sending HTTP requests to specific directories commonly found in WordPress installations. It checks for two matching conditions:
If both conditions are met, the module flags the directory as vulnerable to directory listing.
Here is an example of an HTTP request sent by the module:
GET /wp-content/uploads/ HTTP/1.1
Host: example.com
The module then analyzes the response to determine if the matching conditions are satisfied.
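The check described above, written as a self-audit for a site you administer. This is an added example, not the module's own code. It assumes the two matching conditions are an HTTP 200 status and the "Index of /" marker in the response body; the function names and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

# Directories named on this page.
WP_DIRS = ["/wp-content/uploads/", "/wp-content/themes/",
           "/wp-content/plugins/", "/wp-includes/"]

def is_listing(status, body):
    """Assumed matchers: both the 200 status and the index marker must be present."""
    return status == 200 and "Index of /" in body

def fetch(base_url, path, timeout=10):
    """Return (status, body) for one directory; errors become a non-200 status."""
    url = base_url.rstrip("/") + path
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 403, 404, ... (must precede URLError)
        return err.code, ""
    except urllib.error.URLError:           # DNS failure, refused connection
        return 0, ""

def audit(base_url, fetcher=fetch):
    """Return the directories on base_url that serve an auto-generated index."""
    return [p for p in WP_DIRS if is_listing(*fetcher(base_url, p))]

# Constructed responses standing in for a server, so the example runs offline.
SAMPLE = {
    # Listing enabled: 200 plus the marker.
    "/wp-content/uploads/": (200, "<title>Index of /wp-content/uploads</title>"),
    # Blank index.php present: 200 but no marker.
    "/wp-content/themes/": (200, ""),
    # Listing denied by the server.
    "/wp-content/plugins/": (403, "Forbidden"),
    # Marker text on an error page: status condition fails.
    "/wp-includes/": (404, "Index of /wp-includes was not found"),
}

def sample_fetcher(base_url, path):
    return SAMPLE[path]

if __name__ == "__main__":
    for path in audit("https://example.com", sample_fetcher):
        print("directory listing enabled:", path)
```

A directory reported here is fixed by disabling automatic indexes on the web server, for example "Options -Indexes" on Apache or "autoindex off" on nginx.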