So recently, while I was randomly visiting websites (obviously for bugs), I came across a UK-based website. It was an educational website, and I did a little bit of research on it. I found out that the website was quite famous in the UK, so I thought, “Why not give it a try?”
So, I put my headphones on, played a sad song, and started looking at the screen like a broken detective! Just kidding, let’s be serious.
So I viewed my Wappalyzer plugin and found out that it was using WordPress. My mind said, “Let’s do a WPScan,” but my heart told me to open the terminal and type Gobuster to do some directory brute-forcing.
I know what you’re thinking: why not run WPScan before directory brute-forcing? I asked myself the same question, but the answer was right there on my screen. I found a directory called “data.” I expected an obvious 404 Forbidden, but my luck was shining brighter than your teeth. And guess what? I got a directory listing.
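The finding above is a classic auto-generated directory listing (Apache's autoindex or nginx's `autoindex on`) sitting in a web root. The added example below is not from the post; it is a small defender-side checker that takes an already-fetched HTML body, decides whether it is an autoindex page, and flags entries that look like backup archives. The sample pages and the `wp-admin-full.zip` filename are constructed to resemble the post's scenario, not taken from the real site.

```python
"""Detect a server-generated directory listing and flag exposed backup files.
Added example (not the post's own code). Input is an HTML string that you
have already fetched from your own site, so the script runs fully offline."""
from html.parser import HTMLParser
import re

# File extensions that commonly indicate a site or database backup left in a web root.
BACKUP_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".7z", ".rar", ".sql", ".bak", ".gz")


class _ListingParser(HTMLParser):
    """Collect the <title> text and every <a href> in the page."""

    def __init__(self):
        super().__init__()
        self.title_parts = []
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)


def analyze_listing(html: str) -> dict:
    """Return {'is_listing': bool, 'entries': [...], 'backups': [...]}.

    'is_listing' is keyed off the "Index of /..." title both Apache and nginx
    emit for autoindex pages. 'entries' drops the sort links ("?C=N;O=D"),
    the parent-directory link ("/" or "../") and any other absolute href,
    leaving only the relative names the listing actually exposes.
    """
    parser = _ListingParser()
    parser.feed(html)
    title = "".join(parser.title_parts).strip()
    is_listing = re.match(r"Index of /", title) is not None

    entries = [
        h for h in parser.hrefs
        if not h.startswith("?") and not h.startswith("/") and h != "../"
    ]
    backups = [e for e in entries if e.lower().endswith(BACKUP_EXTS)]
    return {"is_listing": is_listing, "entries": entries, "backups": backups}


# Constructed Apache-style autoindex page mimicking the post's "data" directory.
SAMPLE_APACHE = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /data</title></head>
<body><h1>Index of /data</h1>
<table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td>-</td></tr>
<tr><td><a href="wp-admin-full.zip">wp-admin-full.zip</a></td><td>2020-01-01 10:00</td><td>14G</td></tr>
<tr><td><a href="notes.txt">notes.txt</a></td><td>2020-01-01 10:00</td><td>1.2K</td></tr>
<tr><td><a href="uploads/">uploads/</a></td><td>2020-01-01 10:00</td><td>-</td></tr>
</table></body></html>"""

# Constructed ordinary page: links present, but no autoindex title.
SAMPLE_NORMAL = """<html><head><title>Welcome</title></head>
<body><a href="/about">About</a> <a href="/contact">Contact</a></body></html>"""

if __name__ == "__main__":
    for name, page in (("apache", SAMPLE_APACHE), ("normal", SAMPLE_NORMAL)):
        print(name, analyze_listing(page))
```

Run it against bodies fetched from your own hosts after a deploy: any `is_listing` hit means `Options -Indexes` (Apache) or `autoindex off;` (nginx) belongs in the server config, and any `backups` hit means the archive should be moved outside the web root regardless of whether listing is on.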
Before you laugh at me, check out the image.
I got the wp-admin full file with a whopping 14 GB. I know I probably shouldn’t have downloaded that file and should’ve reported…