Day 74 comes with a write-up source related to information disclosure.
From Sam (CoffeeJunkie). As a noobie with a bunch of targets running common CMSs such as Drupal and WordPress, I came across this write-up, which explains how the attacker found an information disclosure by using WPScan. This is pretty interesting to me due to the fact that some of the CMSs might be well managed by the company, some vulnerabilities have been patched, and some endpoints have been configured properly. Therefore, by doing some basic recon, the attacker was able to find backups from the DB in a file such as wp-config.php.bak. Full write-up here.
That’s it for today, happy Monday.