WP-CLI Yaml File Exposure

By kannthu

Informative
Vidoc Module
#config #exposure #wp-cli #files
Description

What is the "WP-CLI Yaml File Exposure" module?

The "WP-CLI Yaml File Exposure" module is designed to detect a specific misconfiguration in the WP-CLI configuration file (wp-cli.yml) of a WordPress website. WP-CLI is a command-line interface for managing WordPress installations, and the configuration file contains various settings and options for WP-CLI commands.

This module focuses on the exposure of the wp-cli.yml file, which can potentially reveal sensitive information about the website's configuration. It is important to address this misconfiguration to prevent unauthorized access or potential security risks.

The severity of this module is classified as informative, indicating that it provides valuable information about the misconfiguration but does not directly pose a security vulnerability.

This module was authored by DhiyaneshDk.

Impact

If the WP-CLI Yaml File Exposure is detected, it means that the wp-cli.yml file is accessible to anyone who can access the specific URL. This can potentially expose sensitive information, such as database credentials, API keys, or other configuration details, to unauthorized individuals.

While this module does not directly exploit the exposed information, it highlights the importance of securing the wp-cli.yml file to prevent potential security risks and unauthorized access to sensitive data.

How does the module work?

The "WP-CLI Yaml File Exposure" module works by sending an HTTP GET request to the "/wp-cli.yml" path of the target WordPress website. It then applies specific matching conditions to determine if the misconfiguration is present.

One of the matching conditions checks whether the response body contains both of the words "apache_modules:" and "mod_rewrite". This condition verifies that the Apache module "mod_rewrite" is mentioned in the wp-cli.yml file, indicating a potential misconfiguration.

Another matching condition checks if the HTTP response status is 200, indicating a successful request. This condition ensures that the wp-cli.yml file is accessible and can be retrieved.

By combining these matching conditions, the module can accurately detect the misconfiguration and report it as an informative finding.

It is important to address this misconfiguration by securing the wp-cli.yml file and ensuring that sensitive information is not exposed to unauthorized individuals.
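
The matching logic described above, as an added Python example (not Vidoc's or the template author's code): it applies the status and word conditions to constructed responses and lists keys worth reviewing in an exposed file. The function names, the `REVIEW_KEYS` list and the sample responses are assumptions made for this example.

```python
"""Added example: re-implements the module's matcher for auditing your own sites."""
import urllib.error
import urllib.request

REQUIRED_WORDS = ("apache_modules:", "mod_rewrite")  # words from the module preview
# Keys worth triaging if the file is exposed (assumption: chosen for this example).
REVIEW_KEYS = ("ssh:", "user:", "path:", "dbuser:", "dbpass:")


def is_exposed(status: int, body: str) -> bool:
    """Module logic: status 200 AND every required word present in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def keys_to_review(body: str) -> list[str]:
    """Return review-worthy keys that start a line of the YAML, in file order."""
    found = []
    for line in body.splitlines():
        stripped = line.strip()
        for key in REVIEW_KEYS:
            if stripped.startswith(key) and key not in found:
                found.append(key)
    return found


def audit(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch /wp-cli.yml from a site you administer and apply the matcher."""
    url = base_url.rstrip("/") + "/wp-cli.yml"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return is_exposed(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 403/404 and similar: status check fails
        return is_exposed(err.code, "")
    except urllib.error.URLError:  # host unreachable: nothing was served
        return False


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "real file": (200, "path: wp\napache_modules:\n  - mod_rewrite\nssh: deploy@host.example\n"),
    "soft 404": (200, "<html><title>Page not found</title></html>"),
    "blocked": (403, "apache_modules:\n  - mod_rewrite\n"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: exposed={is_exposed(status, body)} review={keys_to_review(body)}")
```

The "soft 404" sample shows why the word condition is paired with the status check: a site that answers every path with 200 would otherwise be reported.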

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-cli.yml
Matching conditions
word: apache_modules:, mod_rewrite (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability