Fixes #1599

2021-01-29 13:34:39 +01:00
parent fa3005f2b7
commit 11f35d86ff
3 changed files with 27 additions and 11 deletions
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -7,7 +7,7 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

-        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze

        # @param [ Hash ] opts
        # @option opts [ String ] :list
--- a/spec/app/finders/db_exports/known_locations_spec.rb
+++ b/spec/app/finders/db_exports/known_locations_spec.rb
@@ -102,19 +102,29 @@ describe WPScan::Finders::DbExports::KnownLocations do
        expect(target).to receive(:homepage_or_404?).twice.and_return(false)
      end

-      it 'returns the expected Array<DbExport>' do
-        expected = []
+      context 'when matching the pattern' do
+        it 'returns the expected Array<DbExport>' do
+          expected = []

-        found_files.each do |file|
-          url = "#{target.url}#{file}"
-          expected << WPScan::Model::DbExport.new(
-            url,
-            confidence: 100,
-            found_by: described_class::DIRECT_ACCESS
-          )
+          found_files.each do |file|
+            url = "#{target.url}#{file}"
+            expected << WPScan::Model::DbExport.new(
+              url,
+              confidence: 100,
+              found_by: described_class::DIRECT_ACCESS
+            )
+          end
+
+          expect(finder.aggressive(opts)).to eql expected
        end
+      end

-        expect(finder.aggressive(opts)).to eql expected
+      context 'when not matching the pattern' do
+        let(:db_export) { '' }
+
+        it 'returns an empty array' do
+          expect(finder.aggressive(opts)).to eql []
+        end
      end
    end
  end
--- a/spec/fixtures/finders/db_exports/dump.sql
+++ b/spec/fixtures/finders/db_exports/dump.sql
@@ -35,3 +35,9 @@ LOCK TABLES `wp_comments` WRITE;
 INSERT INTO `wp_comments` VALUES (1,1,'A WordPress Commenter','wapuu@wordpress.example','https://wordpress.org/','','2017-02-17 18:22:27','2017-02-17 18:22:27','Hi, this is a comment.\nTo get started with moderating, editing, and deleting comments, please visit the Comments screen in the dashboard.\nCommenter avatars come from <a href=\"https://gravatar.com\">Gravatar</a>.',0,'1','','',0,0);
 /*!40000 ALTER TABLE `wp_comments` ENABLE KEYS */;
 UNLOCK TABLES;
+
+CREATE DATABASE Sales;
+
+ALTER DATABASE Test1
+ADD FILEGROUP Test1FG1;
+GO