Pull request #37 (Merged)

Repository: shipcod3, branch: master
Repository: LaNMaSteR53, branch: master

wpconfig_exposed.py: Exposed WordPress Config Page Checker

Author: Jay Turla

Description

Checks the hosts for possible exposed wp-config files which contain WordPress MySQL configuration.

Examples:

inurl:wp-config.txt ext:txt

Updates:

- Using regex in Google search is good, just like finding other backdoor shells.
- Added 2 more known files

Comments (7)

  1. Tim Tomes repo owner

    I'm beginning to wonder if we shouldn't make this a universal file backup checker where you have an option for the URI and filename and the module puts all of the pieces together and makes the checks. Just make the default file wp-config.php and the script will do the rest, but also giving you the flexibility to look for other file backups as well.

    1. Tim Tomes repo owner

      That won't work right. You need the original extension to make the rest work and not every file will be php. For the checks don't include the original extension, strip it like so: '.'.join(filename.split('.')[:-1]) or filename[:filename.rindex('.')].
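
The name-building step discussed in the comments above, written as a local web-root audit. This is an added example, not code from the pull request or the module. It goes slightly beyond the two expressions quoted in the thread by using os.path.splitext, so that names with no extension are handled too. The suffix lists, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed suffix lists (not from the pull request); extend for your environment.
APPENDED = (".bak", ".old", ".save", ".swp", "~")  # e.g. wp-config.php.bak
REPLACED = (".txt", ".bak", ".old")                # e.g. wp-config.txt


def backup_candidates(filename):
    """Return backup names an editor or admin might leave beside `filename`."""
    # os.path.splitext keeps dotless names ("Makefile") and dotfiles
    # (".htaccess") whole. filename.rindex('.') raises ValueError on the
    # first, and the split/join form returns an empty stem for both.
    stem, ext = os.path.splitext(filename)
    names = {filename + s for s in APPENDED}
    if ext:  # only swap the extension when there is one to swap
        names |= {stem + s for s in REPLACED}
    names.discard(filename)  # "notes.txt" must not list itself as a backup
    return sorted(names)


def audit_webroot(webroot, filename="wp-config.php"):
    """Walk a local web root and report leftover backup copies of `filename`."""
    wanted = set(backup_candidates(filename))
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name in wanted:
                full = os.path.join(dirpath, name)
                hits.append(os.path.relpath(full, webroot))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blog"))
        for rel in ("wp-config.php", "wp-config.txt", "blog/wp-config.php.bak"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php // constructed placeholder\n")
        for hit in audit_webroot(root):
            print("remove or deny access:", hit)
```

Copies with a non-PHP extension are served as plain text by a default web server configuration, so every hit should be deleted or moved outside the document root.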