WordPress Plugin lifterlms Listing

By kannthu

#wordpress #listing #plugin #edb
Description

What is the "WordPress Plugin lifterlms Listing"?

The "WordPress Plugin lifterlms Listing" module is designed to detect sensitive directories present in the lifterlms plugin. LifterLMS is a popular WordPress plugin used for creating and managing online courses. This module focuses on identifying potential misconfigurations or vulnerabilities within the lifterlms plugin.

Severity: Informative

Author: pussycat0x

Impact

This module aims to identify any sensitive directories that may be exposed in the lifterlms plugin. The presence of such directories could potentially lead to unauthorized access or information disclosure, depending on the specific misconfiguration or vulnerability found.

How does the module work?

The module sends an HTTP GET request to the "/wp-content/plugins/lifterlms/" path of the target WordPress website. It then applies two matching conditions to determine if the response indicates the presence of sensitive directories:

    - The response body contains the phrases "Index of" and "/wp-content/plugins/lifterlms/".
    - The response status code is 200 (OK).

If both conditions are met, the module considers the presence of sensitive directories within the lifterlms plugin as detected.

Example HTTP request:

GET /wp-content/plugins/lifterlms/ HTTP/1.1
Host: example.com

Note: The actual HTTP request may contain additional headers or parameters depending on the configuration of the Vidoc platform.
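
The two matching conditions above, written out as an added example for checking a site you administer (this is not the Vidoc module's own code). The function names, the 64 KiB read limit and the sample responses are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request

PLUGIN_PATH = "/wp-content/plugins/lifterlms/"
REQUIRED_WORDS = ("Index of", PLUGIN_PATH)  # both words must appear in the body


def listing_exposed(status: int, body: str) -> bool:
    """Apply both matchers: status is 200 AND every required word is present."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def check_site(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch the plugin directory of your own site and apply the matchers."""
    url = base_url.rstrip("/") + PLUGIN_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(65536).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # 403/404 are the expected answers once directory listing is disabled.
        status, body = err.code, ""
    return listing_exposed(status, body)


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "autoindex on": (200, "<title>Index of /wp-content/plugins/lifterlms/</title>"),
    "listing forbidden": (403, "<h1>Forbidden</h1>"),
    "blank index.php": (200, ""),
    "other directory listed": (200, "<title>Index of /wp-content/uploads/</title>"),
    "403 page quoting the path": (403, "Index of /wp-content/plugins/lifterlms/ denied"),
}


def classify_samples() -> dict:
    """Run the matchers over every constructed sample."""
    return {name: listing_exposed(s, b) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:28} -> {'EXPOSED' if hit else 'ok'}")
```

Only the first sample satisfies both conditions; the other four show why the status check and the path word are each needed to avoid false positives.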

Metadata: max-request: 1

Reference: https://www.exploit-db.com/ghdb/6420

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: Index of, /wp-content/plugins/lifterlms/ (condition: and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability