Improves wp-content detection

2019-04-18 12:13:56 +01:00
parent 210eced369
commit 2fca30752a
4 changed files with 11 additions and 5 deletions
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -18,7 +18,7 @@ module WPScan
        def content_dir(detection_mode = :mixed)
          unless @content_dir
            # scope_url_pattern is from CMSScanner::Target
-            pattern = %r{#{scope_url_pattern}([\w\s\-\/]+)\/(?:themes|plugins|uploads|cache)\/}i
+            pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i

            in_scope_urls(homepage_res) do |url|
              return @content_dir = Regexp.last_match[1] if url.match(pattern)
@@ -103,7 +103,7 @@ module WPScan
        def sub_dir
          unless @sub_dir
            # url_pattern is from CMSScanner::Target
-            pattern = %r{#{url_pattern}(.+?)\/(?:xmlrpc\.php|wp\-includes\/)}i
+            pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i

            in_scope_urls(homepage_res) do |url|
              return @sub_dir = Regexp.last_match[1] if url.match(pattern)
--- a/spec/fixtures/target/platform/wordpress/custom_directories/in_raw_js_escaped.html
+++ b/spec/fixtures/target/platform/wordpress/custom_directories/in_raw_js_escaped.html
@@ -0,0 +1,6 @@
+<script type='text/javascript'>
+/* <![CDATA[ */
+var et_pb_custom = {"ajaxurl":"https:\/\/ex.lo\/wp-admin\/admin-ajax.php","images_uri":"https:\/\/ex.lo\/wp-content\/themes\/Divi\/images","builder_images_uri":"https:\/\/ex.lo\/wp-content\/themes\/Divi\/includes\/builder\/images","unique_test_id":"","ab_bounce_rate":"5","is_cache_plugin_active":"no","is_shortcode_tracking":"","tinymce_uri":""};
+var et_pb_box_shadow_elements = [];
+/* ]]> */
+</script>
--- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb
+++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
@@ -7,8 +7,8 @@ shared_examples 'WordPress::CustomDirectories' do
    {
      default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces',
      relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content',
-      in_raw_js: 'wp-content', with_sub_dir: 'app', relative_two_sub_dir: 'cms/wp-content',
-      in_meta_content: 'wp-content'
+      in_raw_js: 'wp-content', in_raw_js_escaped: 'wp-content', with_sub_dir: 'app',
+      relative_two_sub_dir: 'cms/wp-content', in_meta_content: 'wp-content'
    }.each do |file, expected|
      it "returns #{expected} for #{file}.html" do
        stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html")))
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
  s.executables           = ['wpscan']
  s.require_paths         = ['lib']

-  s.add_dependency 'cms_scanner', '~> 0.0.44.2'
+  s.add_dependency 'cms_scanner', '~> 0.0.44.3'

  s.add_development_dependency 'bundler',   '>= 1.6'
  s.add_development_dependency 'coveralls', '~> 0.8.0'