garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-27 01:16:44 +01:00
parent 60a6f16ddd
commit 1afe12657f
38 changed files with 3644 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
doc/WpTheme.html
View File

@@ -265,7 +265,7 @@
<div class="method-source-code" id="find-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 44</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%rfind_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
@@ -302,12 +302,15 @@
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//theme[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'themes'</span>
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
<span class="ruby-ivar">@style_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
@@ -342,9 +345,9 @@
<div class="method-source-code" id="find_from_css_link-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 60</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%r{https?://[^&quot;']+/([^/]+)/themes/([^&quot;']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
@@ -352,11 +355,12 @@
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-identifier">theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:style_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">style_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -387,7 +391,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<div class="method-source-code" id="find_from_wooframework-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 79</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 83</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%r{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
@@ -398,11 +402,12 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-identifier">woo_framework_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">3</span>] <span class="ruby-comment"># Not used at this time</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-value">:version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-identifier">version</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -438,7 +443,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
<span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>