Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Wordpress sym404 directory

By kannthu

Vidoc logoVidoc Module

What is the "Wordpress sym404 directory?" module?

The "Wordpress sym404 directory" module is designed to detect sensitive directories present in the sym404 of Wordpress websites. It targets the sym404 directory, which is a common location for misconfigurations and vulnerabilities. This module has a high severity level, indicating that it can potentially expose sensitive information or lead to further security issues if not addressed.

This module was authored by pussycat0x.


If the "Wordpress sym404 directory" module detects a misconfiguration or vulnerability, it can potentially expose sensitive directories within the sym404 of a Wordpress website. This can lead to unauthorized access, data leakage, or other security risks.

How does the module work?

The "Wordpress sym404 directory" module works by sending an HTTP GET request to the "/wp-includes/sym404/root/etc/passwd" path of the target Wordpress website. It then applies matching conditions to determine if the response contains sensitive information and if the request was successful (status code 200).

The matching conditions for this module are as follows:

- The response body must match the regular expression "root:.*:0:0:" - The response status code must be 200

If both conditions are met, the module considers the target website to have a potential misconfiguration or vulnerability in the sym404 directory.

It is important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and detection of Wordpress vulnerabilities, misconfigurations, and software fingerprints.

For more information, you can refer to the reference tweet by pussycat0x.


- max-request: 1 - verified: true - google-query: inurl:"/wp-includes/sym404/"

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: root:.*:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability