wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Add check for WPEngine _wpeprivate/config.json #1430

Closed ethicalhack3r closed 4 years ago

ethicalhack3r commented 4 years ago

Would be good to add a check for the wpeprivate/config.json file that apparently contains sensitive information.

I've yet to find an example of what one looks like.

References:

https://twitter.com/bugbountynights/status/1198392055044755456?s=19

https://www.acunetix.com/vulnerabilities/web/wpengine-_wpeprivate-config-json-information-disclosure/

erwanlr commented 4 years ago

IMO it's not worth it. It was an issue related to a provider, who fixed it, and all the hosted blogs are no longer affected.