Prepare for liftoff, fellow space explorers of the digital galaxy! In the boundless expanse of cyberspace, your WordPress website is akin to a spacecraft on an interstellar voyage. At the core of this cosmic vessel lies a vault of unimaginable value—the wp-config.php file. But beware, for this cosmic treasure, if intercepted, can lead to the…
Tag: wordpress
WordPress basic auditing
WordPress readme:
target/readme.html
WordPress license, with the WordPress version:
target/license.txt
WordPress sample config:
target/wp-config-sample.php
WordPress installation:
target/wp-admin/install.php
WordPress upgrade file:
target/wp-admin/upgrade.php
WordPress setup config:
target/wp-admin/setup-config.php
WordPress API useful paths:
target/wp-json/wp/v2/users – enumerate users
target/wp-json/wp/v2/posts – enumerate posts
target/wp-json – wordpress api
Script to enumerate users through the blog's author archives:
for i in {1..30}; do curl -s -L -i "target/?author=$i" | grep -E -o "\" title=\"View all posts by [a-z0-9A-Z.-]*|Location:.*" | sed 's/\// /g' | cut -f 6 -d ' ' | grep -v "^$"; done
WordPress plugin readme or license:
target/wp-content/plugins/plugin-name/readme.txt or /license.txt
WordPress theme readme, changelog or license:
target/wp-content/themes/theme-name/readme.txt, /changelog.txt or /license.txt
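
For the defender's side of this checklist, the following added example (not part of the original post) scans a web-server access log in Combined Log Format for clients that request the files listed above or walk numeric `?author=N` author archives. The function names, the two thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Fixed paths from the checklist; the bare /wp-json index is omitted as too noisy.
PROBE_PATHS = {
    "/readme.html", "/license.txt", "/wp-config-sample.php", "/wp-json/wp/v2/users",
    "/wp-admin/install.php", "/wp-admin/upgrade.php", "/wp-admin/setup-config.php",
}
# Plugin and theme readme, changelog and license files.
COMPONENT_RE = re.compile(r"/wp-content/(?:plugins|themes)/[^/]+/(?:readme|changelog|license)\.txt")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def find_auditors(lines, probe_threshold=3, author_threshold=5):
    """Return {client_ip: [reasons]}; both thresholds are assumed starting values."""
    probes, authors = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, target = m.groups()
        path, _, query = target.partition("?")
        if path in PROBE_PATHS or COMPONENT_RE.fullmatch(path):
            probes[ip].add(path)
        # ?author=N is WordPress's numeric author-archive query.
        for value in parse_qs(query).get("author", []):
            if value.isdigit():
                authors[ip].add(value)
    findings = {}
    for ip in sorted(set(probes) | set(authors)):
        reasons = []
        if len(probes[ip]) >= probe_threshold:
            reasons.append(f"{len(probes[ip])} disclosure paths requested")
        if len(authors[ip]) >= author_threshold:
            reasons.append(f"{len(authors[ip])} author IDs enumerated")
        if reasons:
            findings[ip] = reasons
    return findings

def sample_line(ip, target, status=200):  # constructed sample data, not real traffic
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "GET {target} HTTP/1.1" {status} 512'

SAMPLE_LOG = (
    [sample_line("203.0.113.7", f"/?author={i}", 301) for i in range(1, 7)]
    + [sample_line("203.0.113.7", p) for p in ("/readme.html", "/license.txt", "/wp-admin/install.php")]
    + [sample_line("198.51.100.20", "/?author=1", 301), sample_line("198.51.100.20", "/readme.html")]
)
print(find_auditors(SAMPLE_LOG))
```

A single visitor who opens one author page or the readme stays below both thresholds, so only the client that walks the list is reported.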