diff --git a/app/finders/plugin_version/readme.rb b/app/finders/plugin_version/readme.rb
index d703414d..cddedb1b 100644
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -9,9 +9,10 @@ module WPScan
         def aggressive(_opts = {})
           found_by_msg = 'Readme - %s (Aggressive Detection)'
 
+          # The target(plugin)#readme_url can't be used directly here
+          # as if the --detection-mode is passive, it will always return nil
           Model::WpItem::READMES.each do |file|
-            url = target.url(file)
-            res = Browser.get(url)
+            res = target.head_and_get(file)
 
             next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
 
@@ -20,10 +21,11 @@ module WPScan
                 e[0],
                 found_by: format(found_by_msg, e[1]),
                 confidence: e[2],
-                interesting_entries: [url]
+                interesting_entries: [res.effective_url]
               )
             end
           end
+
+          nil
         end
diff --git a/spec/app/finders/plugin_version/readme_spec.rb b/spec/app/finders/plugin_version/readme_spec.rb
index bc6ad23b..c8a77dd1 100644
--- a/spec/app/finders/plugin_version/readme_spec.rb
+++ b/spec/app/finders/plugin_version/readme_spec.rb
@@ -24,17 +24,23 @@ describe WPScan::Finders::PluginVersion::Readme do
   end
 
   describe '#aggressive' do
-    before { expect(target).to receive(:content_dir).and_return('wp-content') }
+    before do
+      expect(target).to receive(:content_dir).and_return('wp-content')
+
+      allow(target).to receive(:head_or_get_params).and_return(method: :head)
+
+      stub_request(:head, /.*/).to_return(status: 404)
+      stub_request(:head, readme_url).to_return(status: 200)
+    end
+
+    let(:readme_url) { plugin.url(WPScan::Model::WpItem::READMES.sample) }
 
     after do
-      stub_request(:get, /.*/).to_return(status: 404)
       stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(@file)))
 
       expect(finder.aggressive).to eql @expected
     end
 
-    let(:readme_url) { plugin.url(WPScan::Model::WpItem::READMES.sample) }
-
     context 'when no version' do
       it 'returns nil' do
         @file = 'no_version.txt'
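Review bot: The guard on the `next unless res.code == 200 && ...` line now depends on `target.head_and_get(file)` always handing back a response object, which I cannot confirm from this hunk; if that helper can return nil when the HEAD probe is refused or errors, the guard raises NoMethodError on the first readme instead of skipping it, and a defensive `next unless res && res.code == 200 && !(numbers = version_numbers(res.body)).empty?` would keep the loop going. Note also that `interesting_entries` is now filled from `res.effective_url` rather than the requested path, so a redirecting target will be reported under the redirected URL; worth a comment such as `# effective_url follows redirects, so the entry is the URL that actually served the readme`. The added comment reads more clearly as `# because in passive --detection-mode it always returns nil`. The method's body continues in the next hunk.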
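Review bot: The trailing `nil` fixes the return value when no readme yields a version, but the method's contract is still undocumented and the `numbers.each do |e| return ... end` loop above the hunk is in effect a `numbers.first`, which a reader has to work out. A YARD header above `def aggressive` (line 9 of the file, just outside the first hunk) of the form `# @return [ Model::Version, nil ] Version from the first readme exposing one, nil when none does` would state the intent the added `nil` relies on. Since the early `return` already exits the outer `READMES.each`, the loop could be replaced by `e = numbers.first` followed by a plain `return Model::Version.new(...)`, which reads as the single-shot it is.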