Day 74/100 Hack and Improvement

less than 1 minute read

Day 74 comes with a write up source related to information disclosure.

Information Disclosure

From Sam (CoffeeJunkie). As a noobie and having a bunch of targets running common CMSs such as drupal and wordpress, I came across this write up where it explains how the attacker found Information Disclosure by using WPScan. This is pretty interesting to me due to the fact that some of the CMSs might be well managed by the company and some vulnerabilities have been patched and some endpoints have been configured properly. Therefore, the attacker by doing some basic recon, he was able to find back ups from the DB in a file such as wp-config.php.bak. Full write up here.

That’s it for today, happy monday.


Leave a comment