WordPress Popup Plugin Directory Listing

By kannthu

Informative
Vidoc Module
#wordpress #listing #plugin
Description

What is the "WordPress Popup Plugin Directory Listing?"

The "WordPress Popup Plugin Directory Listing" module is designed to detect sensitive directories present in the wordpress-popup plugin. It is a test case used by the Vidoc platform to scan for misconfigurations or vulnerabilities in the plugin.

This module targets the wordpress-popup plugin, which is a popular plugin used for creating popup windows on WordPress websites. The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a critical vulnerability.

This module was authored by aashiq.

Impact

This module does not directly impact the functionality or security of the wordpress-popup plugin. Instead, it helps identify potential misconfigurations or vulnerabilities that could be exploited by attackers. By detecting sensitive directories, website owners can take appropriate measures to secure their plugin installation and prevent unauthorized access.

How does the module work?

The "WordPress Popup Plugin Directory Listing" module works by sending a specific HTTP request to the plugin's admin directory and then analyzing the response. It uses the following matching conditions:

- Status: The response status code must be 200, indicating a successful request.
- Word: The response body must contain the phrases "Index of" and "/wp-content/plugins/wordpress-popup/views/admin".

If both matching conditions are met, the module considers the directory listing as potentially sensitive and reports it as a finding.

Here is an example of the HTTP request sent by the module:

GET /wp-content/plugins/wordpress-popup/views/admin/

The module then analyzes the response to determine if the directory listing is present.
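
The two matching conditions above can be reproduced offline to see which responses would and would not be reported. This is an added example, not the Vidoc module's own code; the function names and sample responses are constructed for illustration, and it assumes the word match is a case-sensitive substring test on the body.

```python
# Added example: re-implements the status + word conditions described above.
# Assumption: "word" matching is a case-sensitive substring test on the body.
REQUIRED_STATUS = 200
REQUIRED_WORDS = ("Index of", "/wp-content/plugins/wordpress-popup/views/admin")


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)  # e.g. "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line")
    return int(parts[1]), body


def evaluate(raw: str) -> dict:
    """Return each condition's result and the combined (AND) verdict."""
    status, body = parse_response(raw)
    missing = [w for w in REQUIRED_WORDS if w not in body]
    status_ok = status == REQUIRED_STATUS
    return {"status_ok": status_ok, "missing_words": missing,
            "finding": status_ok and not missing}


# Constructed sample responses (not captured from any real site).
HEADERS = "Content-Type: text/html\r\n\r\n"
LISTING_ENABLED = (
    "HTTP/1.1 200 OK\r\n" + HEADERS +
    "<html><head><title>Index of /wp-content/plugins/wordpress-popup/views/admin"
    "</title></head><body><h1>Index of "
    "/wp-content/plugins/wordpress-popup/views/admin</h1></body></html>"
)
# Listing disabled: the server refuses to enumerate the directory.
LISTING_DISABLED = "HTTP/1.1 403 Forbidden\r\n" + HEADERS + "<h1>Forbidden</h1>"
# A 200 listing of a different directory: only one of the two words matches.
OTHER_DIRECTORY = "HTTP/1.1 200 OK\r\n" + HEADERS + "<h1>Index of /uploads</h1>"

if __name__ == "__main__":
    for name, raw in (("listing enabled", LISTING_ENABLED),
                      ("listing disabled", LISTING_DISABLED),
                      ("other directory", OTHER_DIRECTORY)):
        print(f"{name}: {evaluate(raw)}")
```

Only the first sample is a finding; the other two fail one of the conditions, which is why the module requires both.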

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
status: 200 and
word: Index of, /wp-content/plugins/wordpress-...
Passive global matcher
No matching conditions.
On match action
Report vulnerability