Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Redirection Plugin Directory Listing" module is designed to detect sensitive directories present in the Redirection plugin for WordPress. This module focuses on identifying potential misconfigurations or vulnerabilities within the plugin.
The Redirection plugin is a popular tool used in WordPress websites to manage URL redirections and track 404 errors. It allows website owners to redirect URLs, track clicks, and monitor site traffic.
This module has an informative severity level, meaning it provides valuable information without indicating a critical vulnerability.
Author: dhiyaneshDk
This module aims to identify potential directory listing vulnerabilities within the Redirection plugin. Directory listing vulnerabilities can expose sensitive information, such as directory structure, file names, and potentially confidential data, to unauthorized users. By detecting these vulnerabilities, website owners can take appropriate measures to secure their WordPress installations and protect sensitive information.
The "WordPress Redirection Plugin Directory Listing" module utilizes HTTP request templates and matching conditions to identify directory listing vulnerabilities within the Redirection plugin.
One example of an HTTP request used by this module is a GET request to the "/wp-content/plugins/redirection/" path. The module then applies matching conditions to determine if the response indicates a directory listing vulnerability.
The matching conditions used by this module are:
- Matcher 1: Checks if the response contains the words "Index of" and "/wp-content/plugins/redirection/". - Matcher 2: Verifies if the response status code is 200 (indicating a successful request).If both matching conditions are met, the module identifies a potential directory listing vulnerability within the Redirection plugin.
It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and detection of various misconfigurations, vulnerabilities, and software fingerprints.
Reference: https://www.exploit-db.com/ghdb/6436
Metadata: max-request: 1