bugfixing

2012-09-15 23:28:00 +02:00
parent 4c8fb5b1b9
commit 22006f40b8
4 changed files with 25 additions and 19 deletions
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -22,10 +22,11 @@ module WpPlugins
  #
  # return array of WpPlugin
  def plugins_from_aggressive_detection(options)
-    options[:file]        = "#{DATA_DIR}/plugins.txt"
-    options[:vulns_file]  = "#{DATA_DIR}/plugin_vulns.xml"
-    options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
-    options[:type]        = "plugins"
+    options[:file]          = "#{DATA_DIR}/plugins.txt"
+    options[:vulns_file]    = "#{DATA_DIR}/plugin_vulns.xml"
+    options[:vulns_xpath]   = "//plugin[@name='#{@name}']/vulnerability"
+    options[:vulns_xpath_2] = "//plugin"
+    options[:type]          = "plugins"
    result = WpDetector.aggressive_detection(options)
    result
  end
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
@@ -19,10 +19,11 @@
 module WpThemes

  def themes_from_aggressive_detection(options)
-    options[:file]        = "#{DATA_DIR}/themes.txt"
-    options[:vulns_file]  = "#{DATA_DIR}/theme_vulns.xml"
-    options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
-    options[:type]        = "themes"
+    options[:file]          = "#{DATA_DIR}/themes.txt"
+    options[:vulns_file]    = "#{DATA_DIR}/wp_theme_vulns.xml"
+    options[:vulns_xpath]   = "//theme[@name='#{@name}']/vulnerability"
+    options[:vulns_xpath_2] = "//theme"
+    options[:type]          = "themes"
    result = WpDetector.aggressive_detection(options)
    result
  end
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -76,8 +76,8 @@ class WpEnumerator

  def self.generate_items(options = {})
    only_vulnerable   = options[:only_vulnerable_ones]
-    plugins_file      = options[:file] || "#{DATA_DIR}/plugins.txt"
-    plugin_vulns_file = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
+    file              = options[:file]
+    vulns_file        = options[:vulns_file]
    wp_content_dir    = options[:wp_content_dir]
    url               = options[:url]
    type              = options[:type]
@@ -85,27 +85,28 @@ class WpEnumerator

    if only_vulnerable == false
      # Open and parse the 'most popular' plugin list...
-      File.open(plugins_file, 'r') do |file|
-        file.readlines.collect do |line|
-          targets_url << WpPlugin.new(:url => url, :path => line.strip, :wp_content_dir => wp_content_dir)
+      File.open(file, 'r') do |f|
+        f.readlines.collect do |line|
+          targets_url << WpPlugin.new(:url => url, :path => "#{type}/#{line.strip}", :wp_content_dir => wp_content_dir)
        end
      end
    end

-    xml = Nokogiri::XML(File.open(plugin_vulns_file)) do |config|
+    xml = Nokogiri::XML(File.open(vulns_file)) do |config|
      config.noblanks
    end

    # We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it
-    xml.xpath("//plugin").each do |node|
-      plugin_name = node.attribute('name').text
+    xml.xpath(options[:vulns_xpath_2]).each do |node|
+      item_name = node.attribute('name').text

-      if targets_url.grep(%r{/#{plugin_name}/}).empty?
+      if targets_url.grep(%r{/#{item_name}/}).empty?
+        # TODO: Generic
        targets_url << WpPlugin.new(
            :url            => url,
-            :path           => "#{type}/#{plugin_name}",
+            :path           => "#{type}/#{item_name}",
            :wp_content_dir => wp_content_dir,
-            :name           => plugin_name
+            :name           => item_name
        )
      end
    end
--- a/lib/wpscan/wp_options.rb
+++ b/lib/wpscan/wp_options.rb
@@ -25,6 +25,7 @@
 # * +file+ - Filename with items to detect
 # * +vulns_file+ - XML file with vulnerabilities
 # * +vulns_xpath+ - XPath for vulnerability XML file
+# * +vulns_xpath_2+ - XPath for vulnerability XML file
 # * +wp_content_dir+ - Name of the wp-content directory
 # * +show_progress_bar+ - Show a progress bar during enumeration
 # * +error_404_hash+ - MD5 hash of a 404 page
@@ -37,6 +38,7 @@ class WpOptions
        :file                 => "",
        :vulns_file           => "",
        :vulns_xpath          => "",
+        :vulns_xpath_2        => "",
        :wp_content_dir       => "",
        :show_progress_bar    => true,
        :error_404_hash       => "",
@@ -51,6 +53,7 @@ class WpOptions
    raise("file must be set")                 unless options[:file] != nil and options[:file].length > 0
    raise("vulns_file must be set")           unless options[:vulns_file] != nil and options[:vulns_file].length > 0
    raise("vulns_xpath must be set")          unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
+    raise("vulns_xpath_2 must be set")        unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0
    raise("wp_content_dir must be set")       unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
    raise("show_progress_bar must be set")    unless options[:show_progress_bar] != nil
    raise("error_404_hash must be set")       unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0