diff --git a/lib/wpscan/modules/wp_timthumbs.rb b/lib/wpscan/modules/wp_timthumbs.rb
index dbf3e9ba..e51fce0e 100644
--- a/lib/wpscan/modules/wp_timthumbs.rb
+++ b/lib/wpscan/modules/wp_timthumbs.rb
@@ -29,7 +29,7 @@ module WpTimthumbs
 if @wp_timthumbs.nil?
 options[:type] = "timthumbs"
 options[:only_vulnerable_ones] = false
- options[:file] = DATA_DIR + "/timthumbs.txt"
+ options[:file] = options[:file] || DATA_DIR + "/timthumbs.txt"
 options[:vulns_file] = "xxx"
 options[:vulns_xpath] = "xxx"
 options[:vulns_xpath_2] = "xxx"
@@ -50,10 +50,10 @@ module WpTimthumbs
 targets = []
 theme_name = URI.escape(theme_name)
- [
- 'timthumb.php', 'lib/timthumb.php', 'inc/timthumb.php', 'includes/timthumb.php',
- 'scripts/timthumb.php', 'tools/timthumb.php', 'functions/timthumb.php'
- ].each do |file|
+ %w{
+ timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+ scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+ }.each do |file|
 targets << {
 :url => options[:url],
 :path => "themes/#{theme_name}/#{file}",
diff --git a/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt b/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt
index 5463268b..340da2ab 100644
--- a/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt
+++ b/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt
@@ -1,3 +1,3 @@
-wp-content/plugins/feature-slideshow/timthumb.php
-wp-content/plugins/fotoslide/timthumb.php
-wp-content/plugins/feature-slideshow/timthumb.php
+plugins/feature-slideshow/timthumb.php
+plugins/fotoslide/timthumb.php
+plugins/feature-slideshow/timthumb.php
diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
index 7d3d689c..8e1aa9b0 100644
--- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
+++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
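Review bot: The fallback on the changed line is written as `options[:file] = options[:file] || DATA_DIR + "/timthumbs.txt"`; the idiomatic spelling is `options[:file] ||= DATA_DIR + "/timthumbs.txt"`, which does the same thing without repeating the key. Either form writes the resolved path back into the caller's hash inside the `@wp_timthumbs.nil?` branch, so after the first call the caller's `options` carries the data-dir path; a one-line comment such as `# wordlist path is resolved once, in place, on the first call` would make that visible. A caller-supplied path is passed on as-is, and a missing or unreadable file presumably only fails later wherever the wordlist is opened, so a `File.readable?` check with a clear message at this point would give a better error. The enclosing method starts and ends outside the hunk.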
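Review bot: The `%w{ ... }` list of theme-relative timthumb locations in `targets_url_from_theme` is constant but is rebuilt on every call; hoisting it to a frozen module constant (`THEME_TIMTHUMB_FILES = %w[...].freeze`) and iterating over that reads better and documents the list once. The `%w{ }` brace delimiters also differ from the `%w[ ]` form the Ruby style guide recommends. Unrelated to the change but on the adjacent context line, `URI.escape` is deprecated and was removed in Ruby 3.0, so this method will need a replacement if the project moves to a newer Ruby. The method's signature and the rest of its body lie outside the hunk.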
@@ -19,93 +19,91 @@ shared_examples_for "WpTimthumbs" do before :each do - @module = WpScanModuleSpec.new('http://example.localhost/') - @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_timthumbs' - @theme_name = "bueno" - @timthumbs_file = @fixtures_dir + '/timthumbs.txt' - @targets_from_file = - [ - "http://example.localhost/wp-content/plugins/fotoslide/timthumb.php", - "http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php" - ] + @options = WpOptions.get_empty_options + @url = "http://example.localhost/" + @theme_name = "bueno" + @options[:url] = @url + @options[:wp_content_dir] = "wp-content" + @options[:name] = @theme_name + @options[:error_404_hash] = "xx" + @module = WpScanModuleSpec.new(@url) + @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" + @timthumbs_file = @fixtures_dir + "/timthumbs.txt" + @targets_from_file = + %w{ + http://example.localhost/wp-content/plugins/fotoslide/timthumb.php + http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php + } @targets_from_theme = [ - 'http://example.localhost/wp-content/themes/' + @theme_name + '/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/lib/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/inc/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/includes/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/scripts/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/tools/timthumb.php', - 'http://example.localhost/wp-content/themes/' + @theme_name + '/functions/timthumb.php' + "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + 
"/includes/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php" ] @module.extend(WpTimthumbs) end - describe "#timthumbs_file" do - it "should return #{DATA_DIR}/timthumb.txt" do - WpTimthumbs.timthumbs_file.should === "#{DATA_DIR}/timthumbs.txt" - end - - it "should return hello/file.txt" do - WpTimthumbs.timthumbs_file("hello/file.txt").should === "hello/file.txt" - end - end - describe "#targets_url_from_theme" do it "should return the targets for the theme" do - targets = @module.send(:targets_url_from_theme, @theme_name) + targets = @module.send(:targets_url_from_theme, @theme_name, @options) targets.should_not be_empty - targets.sort.should === @targets_from_theme.sort + targets.length.should > 0 + temp = [] + targets.each do |t| + url = "#{t[:url]}#{t[:wp_content_dir]}/#{t[:path]}" + temp << url + end + temp.sort.should === @targets_from_theme.sort end end - describe "#timthumbs_targets_url" do - it "should return only the targets from the timthumbs file" do - targets = @module.timthumbs_targets_url(:timthumbs_file => @timthumbs_file) - - targets.should_not be_empty - targets.sort.should === @targets_from_file.sort - end - - it "should return targets from timthumbs file and theme" do - targets = @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file) - - targets.should_not be_empty - targets.sort.should === (@targets_from_file + @targets_from_theme).sort - end - end - - describe "#timthumbs" do - + describe "#timthumbs and #has_timthumbs?" 
do before :each do - @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file).each do |target_url| - stub_request(:get, target_url).to_return(:status => 404) + @options[:file] = @timthumbs_file + @options[:vulns_file] = "xxx" + @options[:type] = "timthumbs" + @targets_from_file.each do |url| + stub_request(:get, url).to_return(:status => 404) end end it "should return an empty array" do - timthumbs = @module.timthumbs(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file) - + timthumbs = @module.timthumbs(nil, @options) timthumbs.should be_empty - @module.has_timthumbs?.should be_false + @module.has_timthumbs?(nil, @options).should be_false end it "should return an array with 2 timthumbs url" do expected = [] - @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file).sample(2).each do |target_url| + urls = [] + urls_hash = WpEnumerator.generate_items(@options) + urls_hash.each do |u| + url = "#{u[:url]}#{u[:wp_content_dir]}/#{u[:path]}" + urls << url + stub_request(:get, url).to_return(:status => 404) + end + urls.sample(2).each do |target_url| expected << target_url - stub_request(:get, target_url). to_return(:status => 200, :body => File.new(@fixtures_dir + "/timthumb.php")) end - timthumbs = @module.timthumbs(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file) + timthumbs = @module.timthumbs(nil, @options) timthumbs.should_not be_empty - timthumbs.sort.should === expected.sort - @module.has_timthumbs?.should be_true + + temp = [] + timthumbs.each do |t| + url = "#{t[:url]}#{t[:wp_content_dir]}/#{t[:path]}" + temp << url + end + temp.sort.should === expected.sort + @module.has_timthumbs?(nil).should be_true end end - end
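Review bot: In the sampled-URL loop of "should return an array with 2 timthumbs url", the new side keeps the context line `to_return(:status => 200, ...)` but removes `stub_request(:get, target_url).` in front of it, leaving `to_return` without a receiver; unless this is an artefact of how the diff was rendered, the 200 stubs are never registered and the example cannot find its two timthumbs, so the line should read `stub_request(:get, target_url).to_return(:status => 200, :body => File.new(@fixtures_dir + "/timthumb.php"))`. The two examples also disagree on how `has_timthumbs?` is called (`has_timthumbs?(nil, @options)` in the first, `has_timthumbs?(nil)` in the second); if the second deliberately relies on the memoised result of the preceding `timthumbs(nil, @options)` call, a short comment saying so would help, otherwise they should match. The three `temp = [] … each … <<` loops that rebuild URLs from the `:url`/`:wp_content_dir`/`:path` hashes are `map`s — `urls = targets.map { |t| "#{t[:url]}#{t[:wp_content_dir]}/#{t[:path]}" }` — and the repeated interpolation belongs in one helper in the example group; `targets.length.should > 0` right after `targets.should_not be_empty` is redundant. The hunk ends on a removed `end` with no replacement in view, so either the file continues past this chunk or the `shared_examples_for` block loses its closing `end`.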