Vidoc logo

Module library

All modulesVisit vidocsecurity.com
Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Start for free

WordPress Redirection Plugin Directory Listing

By kannthu

Informative
Vidoc logoVidoc Module
#wordpress#listing#plugin#edb
Description

What is the "WordPress Redirection Plugin Directory Listing?"

The "WordPress Redirection Plugin Directory Listing" module is designed to detect sensitive directories present in the Redirection plugin for WordPress. This module focuses on identifying potential misconfigurations or vulnerabilities within the plugin.

The Redirection plugin is a popular tool used in WordPress websites to manage URL redirections and track 404 errors. It allows website owners to redirect URLs, track clicks, and monitor site traffic.

This module has an informative severity level, meaning it provides valuable information without indicating a critical vulnerability.

Author: dhiyaneshDk

Impact

This module aims to identify potential directory listing vulnerabilities within the Redirection plugin. Directory listing vulnerabilities can expose sensitive information, such as directory structure, file names, and potentially confidential data, to unauthorized users. By detecting these vulnerabilities, website owners can take appropriate measures to secure their WordPress installations and protect sensitive information.

How does the module work?

The "WordPress Redirection Plugin Directory Listing" module utilizes HTTP request templates and matching conditions to identify directory listing vulnerabilities within the Redirection plugin.

One example of an HTTP request used by this module is a GET request to the "/wp-content/plugins/redirection/" path. The module then applies matching conditions to determine if the response indicates a directory listing vulnerability.

The matching conditions used by this module are:

- Matcher 1: Checks if the response contains the words "Index of" and "/wp-content/plugins/redirection/". - Matcher 2: Verifies if the response status code is 200 (indicating a successful request).

If both matching conditions are met, the module identifies a potential directory listing vulnerability within the Redirection plugin.

It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and detection of various misconfigurations, vulnerabilities, and software fingerprints.

Reference: https://www.exploit-db.com/ghdb/6436

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-content/plugins/...
Matching conditions
word: Index of, /wp-content/plugins/redirectio...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability