WordPress
Sensitive Files / Directories
- wordpress/wp-settings.php
- /wp-content/plugins/
- Sometimes a directory listing of plugins is enabled, usually not.
Remote Code Execution (RCE)
- Login as admin, edit theme or upload malicious plugin
- Look for vulnerable plugins
- Write web shell code to any page we have write access to
- Check for writable pages under themes section
- Tools
| --plugins-detection aggressive |
Aggressively search for plugins |
| ap |
All plugins |
| at |
All Themes |
| cb |
Config Backups |
| dbe |
Database Exports |
| u |
usernames |