garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #112 Multiple redirections detection

Browse Source
This commit is contained in:
erwanlr
2013-01-19 15:03:58 +01:00
parent 9b34b6597f
commit 0b5d7ad147
3 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/wpscan/modules/web_site.rb
View File

@@ -70,8 +70,9 @@ module WebSite
@xmlrpc_url @xmlrpc_url
end end
# see if the remote url returns 30x redirect # See if the remote url returns 30x redirect
# return a string with the redirection or nil # This method is recursive
# Return a string with the redirection or nil
def redirection(url = nil) def redirection(url = nil)
redirection = nil redirection = nil
url ||= @uri.to_s url ||= @uri.to_s
@@ -79,6 +80,11 @@ module WebSite
if response.code == 301 || response.code == 302 if response.code == 301 || response.code == 302
redirection = response.headers_hash['location'] redirection = response.headers_hash['location']
# Let's check if there is a redirection in the redirection
if other_redirection = redirection(redirection)
redirection = other_redirection
end
end end
redirection redirection

19
spec/lib/wpscan/modules/web_site_spec.rb
View File

@@ -112,12 +112,29 @@ shared_examples_for "WebSite" do
[301, 302].each do |status_code| [301, 302].each do |status_code|
it "should return http://new-location.com if the status code is #{status_code}" do it "should return http://new-location.com if the status code is #{status_code}" do
new_location = "http://new-location.com"
stub_request(:get, web_site.url). stub_request(:get, web_site.url).
to_return(:status => status_code, :headers => {:location => "http://new-location.com"}) to_return(:status => status_code, :headers => { :location => new_location })
stub_request(:get, new_location).to_return(:status => 200)
web_site.redirection.should === "http://new-location.com" web_site.redirection.should === "http://new-location.com"
end end
end end
context "when multiple redirections" do
it "should return the last redirection" do
first_redirection = "www.redirection.com"
last_redirection = "redirection.com"
stub_request(:get, web_site.url).to_return(:status => 301, :headers => { :location => first_redirection })
stub_request(:get, first_redirection).to_return(:status => 302, :headers => { :location => last_redirection })
stub_request(:get, last_redirection).to_return(:status => 200)
web_site.redirection.should === last_redirection
end
end
end end
describe "#page_hash" do describe "#page_hash" do

3
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -77,7 +77,8 @@ describe WpTarget do
it "should return the redirection url if there is one (ie: for https)" do it "should return the redirection url if there is one (ie: for https)" do
https_login_url = login_url.gsub(/^http:/, "https:") https_login_url = login_url.gsub(/^http:/, "https:")
stub_request(:get, login_url).to_return(:status => 302, :headers => {:location => https_login_url}) stub_request(:get, login_url).to_return(:status => 302, :headers => { :location => https_login_url })
stub_request(:get, https_login_url).to_return(:status => 200)
@wp_target.login_url.should === https_login_url @wp_target.login_url.should === https_login_url
end end