Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Installer Log

By kannthu

Informative
Vidoc logoVidoc Module
#wordpress#log
Description

What is the "WordPress Installer Log?"

The "WordPress Installer Log" module is designed to detect the presence of an installer log file in WordPress installations. It targets WordPress websites and checks for the existence of a specific log file that is generated during the installation process. The severity of this module is informative, meaning it provides information rather than indicating a vulnerability or misconfiguration. The original author of this module is dwisiswant0.

Impact

This module does not have a direct impact on the security or functionality of the WordPress website. It simply identifies the presence of an installer log file, which can be useful for troubleshooting or auditing purposes.

How does the module work?

The "WordPress Installer Log" module works by sending an HTTP GET request to the "/installer-log.txt" path of the target WordPress website. It then applies two matching conditions to determine if the installer log file exists:

    - The module uses a regular expression matcher to search for the presence of the string "DUPLICATOR(-|\s)?(PRO|LITE)?:? INSTALL-LOG" in the response body. This pattern is commonly found in installer log files generated by the Duplicator plugin for WordPress. - The module also checks if the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports a positive match, indicating the presence of the installer log file.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/installer-log.txt
Matching conditions
regex: (?mi)DUPLICATOR(-|\s)?(PRO|LITE)?:? INST...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability