From 130a2a44e8cdd8593e00551fd93571d029b9ed5b Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Tue, 26 Mar 2013 13:02:00 +0100
Subject: [PATCH] Fixes #150 BackupBuddy added
---
lib/wpscan/wp_target.rb | 10 ++++++++++
main.rb | 8 ++++++++
2 files changed, 18 insertions(+)
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index 94b2c648..3c6b5593 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -155,6 +155,16 @@ class WpTarget < WebSite
 resp.code == 200 && resp.body[%r{by interconnect}i]
 end
 
+ # FIXME: a plugin which does not follow the wordpress plugin system
+ def backupbuddy_url
+ @uri.merge('importbuddy.php').to_s
+ end
+
+ def has_backupbuddy?
+ response = Browser.instance.get(backupbuddy_url)
+ response.code == 200 && response.body[%r{BackupBuddy}i]
+ end
+
 # Should check wp-login.php if registration is enabled or not
 def registration_enabled?
 resp = Browser.instance.get(registration_url)
diff --git a/main.rb b/main.rb
index 71d95256..1751fc45 100644
--- a/main.rb
+++ b/main.rb
@@ -170,6 +170,14 @@ def main
 puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
 end
 
+ if wp_target.has_backupbuddy?
+ puts red("[!] BackupBuddy has been found")
+ puts ' |'
+ puts " | Location: #{wp_target.backupbuddy_url}"
+ puts ' | ' + red('* Reference: http://seclists.org/fulldisclosure/2013/Mar/206')
+ puts
+ end
+
 if wp_target.is_multisite?
 puts green('[+]') + ' This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)'
 end
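Review bot: In `has_backupbuddy?` (lib/wpscan/wp_target.rb) the test `response.body[%r{BackupBuddy}i]` accepts any 200 response that mentions the plugin name, so a target that answers unknown paths with a 200 page (a soft 404 or a catch-all page) containing that word would be reported as exposing the importer. A marker specific to the importer page, or a comparison against the target's known not-found response if the class already has one, would cut those false positives. The `FIXME` above `backupbuddy_url` does not say what needs fixing; I would replace it with `# importbuddy.php is BackupBuddy's standalone restore script and sits in the site root, not under the plugins directory, so it is probed directly`. `@uri.merge('importbuddy.php')` also resolves against the last path segment of `@uri`, which presumably is normalised with a trailing slash elsewhere; worth confirming. The enclosing class starts and ends outside the hunk.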
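Review bot: The first added `puts` in main.rb reports "BackupBuddy has been found", but what `has_backupbuddy?` establishes in the other hunk is only that `importbuddy.php` answers at the target URL; naming the file, as the searchreplacedb2.php message just above does, tells the operator exactly what to remove from the server. I would change it to `puts red("[!] BackupBuddy importbuddy.php has been found")`. The added `if` block is complete in the hunk, while `main` starts and ends outside it.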