Closed ethicalhack3r closed 4 years ago
Would be good to add a check for the wpeprivate/config.json file that apparently contains sensitive information.
wpeprivate/config.json
I've yet to find an example of what one looks like.
References:
https://twitter.com/bugbountynights/status/1198392055044755456?s=19
https://www.acunetix.com/vulnerabilities/web/wpengine-_wpeprivate-config-json-information-disclosure/
IMO it's not worth it. Was an issue related to a provider, who fixed it and all the hosted blogs are no longer affected.
Would be good to add a check for the
wpeprivate/config.json
file that apparently contains sensitive information.I've yet to find an example of what one looks like.
References:
https://twitter.com/bugbountynights/status/1198392055044755456?s=19
https://www.acunetix.com/vulnerabilities/web/wpengine-_wpeprivate-config-json-information-disclosure/