Fixes #1322

app/finders/db_exports/known_locations.rb

@@ -4,7 +4,9 @@ module WPScan
       # DB Exports finder
       # See https://github.com/wpscanteam/wpscan-v3/issues/62
       class KnownLocations < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+        include Finders::Finder::Enumerator
+
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -15,14 +17,21 @@ module WPScan
           found = []
 
           enumerate(potential_urls(opts), opts) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
-
             found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
 
           found
         end
 
+        def valid_response?(res, _exclude_content = nil)
+          return false unless res.code == 200
+
+          return true if res.effective_url.end_with?('.zip') &&
+                         res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+
+          Browser.get(res.effective_url, headers: { 'Range' => 'bytes=0-3000' }).body =~ SQL_PATTERN ? true : false
+        end
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -7,7 +7,7 @@ module WPScan
         def aggressive(_opts = {})
           path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
           url  = target.url(path)
-          res  = Browser.get(url)
+          res  = browser.forge_request(url, target.head_or_get_request_params).run
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 

app/finders/interesting_findings/upload_sql_dump.rb

@@ -3,24 +3,25 @@ module WPScan
     module InterestingFindings
       # UploadSQLDump finder
       class UploadSQLDump < CMSScanner::Finders::Finder
-        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze
+        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze
 
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url = dump_url
-          res = Browser.get(url)
+          head_res = browser.forge_request(dump_url, target.head_or_get_request_params).run
 
-          return unless res.code == 200 && res.body =~ SQL_PATTERN
+          return unless head_res.code == 200
+
+          return unless Browser.get(dump_url, headers: { 'Range' => 'bytes=0-3000' }).body =~ SQL_PATTERN
 
           WPScan::UploadSQLDump.new(
-            url,
+            dump_url,
             confidence: 100,
             found_by: DIRECT_ACCESS
           )
         end
 
         def dump_url
-          target.url('wp-content/uploads/dump.sql')
+          @dump_url ||= target.url('wp-content/uploads/dump.sql')
         end
       end
     end

app/finders/timthumbs/known_locations.rb

@@ -22,15 +22,13 @@ module WPScan
         end
 
         # @param [ Typhoeus::Response ] res
-        # @param [ Regexp,nil ] exclude_content
+        # @param [ Regexp, nil ] exclude_content
         #
         # @return [ Boolean ]
         def valid_response?(res, _exclude_content = nil)
           return false unless res.code == 400
 
-          full_res = Browser.get(res.effective_url, cache_ttl: 0)
-
-          full_res.body =~ /no image specified/i ? true : false
+          Browser.get(res.effective_url).body =~ /no image specified/i ? true : false
         end
 
         # @param [ Hash ] opts