From 32506ca830d37c2c9cd6030ee1c7951b3c3c10db Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Tue, 11 Dec 2012 20:29:50 +0100
Subject: [PATCH] Scoring system removed from version finderprinting

---
 data/wp_versions.xml                          | 82 +++++++------------
 lib/wpscan/wp_version.rb                      | 16 +---
 .../wp_version/advanced/wp_versions.xml       |  6 +-
 spec/lib/wpscan/wp_version_spec.rb            | 40 +++++----
 4 files changed, 55 insertions(+), 89 deletions(-)

diff --git a/data/wp_versions.xml b/data/wp_versions.xml
index d590e342..75e57778 100644
--- a/data/wp_versions.xml
+++ b/data/wp_versions.xml
@@ -26,41 +26,35 @@ ryandewhurst at gmail
   Position is important, DO NOT change anything unless you know what you are doing :p
 -->
 
-<wp-versions>
+<wp-version>
 
   <file src="wp-includes/js/wp-lists.js">
     <hash md5="87ce7e6067f829ba65df86fddb32bf5b">
-      <score>1</score>
-      <versions>3.5</versions>
+      <version>3.5</version>
     </hash>
     <hash md5="46e1341cd4ea49f31046f7d7962adc7f">
-      <score>1</score>
-      <versions>3.4.2</versions>
+      <version>3.4.2</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/customize-preview.js">
     <hash md5="617d9fd858e117c7d1d087be168b5643">
-      <score>1</score>
-      <versions>3.4.1</versions>
+      <version>3.4.1</version>
     </hash>
 
     <hash md5="da36bc2dfcb13350c799b62de68dfa4b">
-      <score>1</score>
-      <versions>3.4</versions>
+      <version>3.4</version>
     </hash>
 
     <hash md5="a8a259fc5197a78ffe62d6be38dc52f8">
-      <score>1</score>
-      <versions>3.4-beta4</versions>
+      <version>3.4-beta4</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/plupload/plupload.js">
 
     <hash md5="85199c05db63fcb5880de4af8be7b571">
-      <score>1</score>
-      <versions>3.3.2</versions>
+      <version>3.3.2</version>
     </hash>
 
   </file>
@@ -70,8 +64,7 @@ ryandewhurst at gmail
 
     <!-- same md5 for 3.3.2 -->
     <hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
-      <score>1</score>
-      <versions>3.3.1</versions>
+      <version>3.3.1</version>
     </hash>
 
   </file>
@@ -80,13 +73,11 @@ ryandewhurst at gmail
   <file src="wp-admin/js/wp-fullscreen.js">
 
     <hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
-      <score>1</score>
-      <versions>3.2.1</versions>
+      <version>3.2.1</version>
     </hash>
 
     <hash md5="7b423e0b7c9221092737ad5271d09863">
-      <score>1</score>
-      <versions>3.2</versions>
+      <version>3.2</version>
     </hash>
 
   </file>
@@ -95,8 +86,7 @@ ryandewhurst at gmail
   <file src="wp-admin/js/common.js">
 
     <hash md5="4516252d47a73630280869994d510180">
-      <score>1</score>
-      <versions>3.3</versions>
+      <version>3.3</version>
     </hash>
 
   </file>
@@ -105,8 +95,7 @@ ryandewhurst at gmail
   <file src="wp-includes/css/admin-bar.css">
 
     <hash md5="181250fab3a7e2549a7e7fa21c2e6079">
-      <score>1</score>
-      <versions>3.1</versions>
+      <version>3.1</version>
     </hash>
 
   </file>
@@ -115,8 +104,7 @@ ryandewhurst at gmail
   <file src="$wp-content$/themes/twentyten/style.css">
 
     <hash md5="6211e2ac1463bf99e98f28ab63e47c54">
-      <score>1</score>
-      <versions>3.0</versions>
+      <version>3.0</version>
     </hash>
 
   </file>
@@ -125,18 +113,15 @@ ryandewhurst at gmail
   <file src="$wp-plugins$/akismet/readme.txt">
 
     <hash md5="4d5e52da417aa0101054bd41e6243389">
-      <score>1</score>
-      <versions>2.8.6</versions>
+      <version>2.8.6</version>
     </hash>
 
     <hash md5="58e086dea9d24ed074fe84ba87386c69">
-      <score>1</score>
-      <versions>2.8.5</versions>
+      <version>2.8.5</version>
     </hash>
 
     <hash md5="48c52025b5f28731e9a0c864c189c2e7">
-      <score>1</score>
-      <versions>2.8.2</versions>
+      <version>2.8.2</version>
     </hash>
 
   </file>
@@ -145,8 +130,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/wp-ajax-response.js">
 
     <hash md5="0289d1c13821599764774d55516ab81a">
-      <score>1</score>
-      <versions>2.7.1</versions>
+      <version>2.7.1</version>
     </hash>
 
   </file>
@@ -155,8 +139,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/thickbox/thickbox.css">
 
     <hash md5="9c2bd2be0893adbe02a0f864526734c2">
-      <score>1</score>
-      <versions>2.7</versions>
+      <version>2.7</version>
     </hash>
 
   </file>
@@ -165,8 +148,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
 
     <hash md5="5b140ddf0f08034402ae78b31d8a1a28">
-      <score>1</score>
-      <versions>2.6</versions>
+      <version>2.6</version>
     </hash>
 
   </file>
@@ -175,8 +157,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
 
     <hash md5="088245408531c58bb52cc092294cc384">
-      <score>1</score>
-      <versions>2.5.1</versions>
+      <version>2.5.1</version>
     </hash>
 
   </file>
@@ -185,8 +166,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
 
     <hash md5="19c6f3118728c38eb7779aab4847d2d9">
-      <score>1</score>
-      <versions>2.5</versions>
+      <version>2.5</version>
     </hash>
 
   </file>
@@ -195,8 +175,7 @@ ryandewhurst at gmail
   <file src="wp-includes/js/wp-ajax.js">
 
     <hash md5="c5dbce0c3232c477033e0ce486c62755">
-      <score>1</score>
-      <versions>2.2</versions>
+      <version>2.2</version>
     </hash>
 
   </file>
@@ -205,13 +184,11 @@ ryandewhurst at gmail
   <file src="$wp-content$/themes/default/style.css">
 
     <hash md5="e44545f529a54de88209ce588676231c">
-      <score>1</score>
-      <versions>2.0.1</versions>
+      <version>2.0.1</version>
     </hash>
 
     <hash md5="f786f66d3a40846aa22dcdfeb44fa562">
-      <score>1</score>
-      <versions>2.0</versions>
+      <version>2.0</version>
     </hash>
 
   </file>
@@ -220,13 +197,11 @@ ryandewhurst at gmail
   <file src="wp-layout.css">
 
     <hash md5="7140e06c00ed03d2bb3dad7672557510">
-      <score>1</score>
-      <versions>1.2.1</versions>
+      <version>1.2.1</version>
     </hash>
 
     <hash md5="1bcc9253506c067eb130c9fc4f211a2f">
-      <score>1</score>
-      <versions>1.2-delta</versions>
+      <version>1.2-delta</version>
     </hash>
   </file>
 
@@ -234,10 +209,9 @@ ryandewhurst at gmail
   <file src="layout2b.css">
 
     <hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
-      <score>1</score>
-      <versions>0.71-gold</versions>
+      <version>0.71-gold</version>
     </hash>
 
   </file>
 
-</wp-versions>
+</wp-version>
diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb
index 7d4c8cfa..c18e50bf 100644
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -80,7 +80,7 @@ class WpVersion < Vulnerable
     target_uri = options[:base_url]
     response = Browser.instance.get(target_uri.merge("feed/rdf/").to_s, {:follow_location => true, :max_redirects => 2})
 
-    response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]  
+    response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]
   end
 
   # Attempts to find the WordPress version from,
@@ -118,18 +118,6 @@ class WpVersion < Vulnerable
   # wordpress version.
   #
   # It does this by using client side file hashing
-  # with a scoring system.
-  #
-  # The scoring system is a number representing
-  # the uniqueness of a client side file across
-  # all versions of wordpress.
-  #
-  # Example:
-  #
-  # Score - Hash - File - Versions
-  #   1 - 3e63c08553696a1dedb24b22ef6783c3 - /wp-content/themes/twentyeleven/style.css - 3.2.1
-  #   2 - 15fc925fd39bb496871e842b2a754c76 - /wp-includes/js/wp-lists.js - 2.6,2.5.1
-  #   3 - 3f03bce84d1d2a169b4bf4d8a0126e38 - /wp-includes/js/autosave.js - 2.9.2,2.9.1,2.9
   #
   #  /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
   #
@@ -151,7 +139,7 @@ class WpVersion < Vulnerable
 
       node.search('hash').each do |hash|
         if hash.attribute('md5').text == md5sum
-          return hash.search('versions').text
+          return hash.search('version').text
         end
       end
     end
diff --git a/spec/fixtures/wpscan/wp_version/advanced/wp_versions.xml b/spec/fixtures/wpscan/wp_version/advanced/wp_versions.xml
index 4383dce8..c90e7533 100644
--- a/spec/fixtures/wpscan/wp_version/advanced/wp_versions.xml
+++ b/spec/fixtures/wpscan/wp_version/advanced/wp_versions.xml
@@ -29,13 +29,11 @@ ryandewhurst at gmail
 <wp-versions>
   <file src="wp-admin/js/wp-fullscreen.js">
     <hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
-      <score>1</score>
-      <versions>3.2.1</versions>
+      <version>3.2.1</version>
     </hash>
 
     <hash md5="7b423e0b7c9221092737ad5271d09863">
-      <score>1</score>
-      <versions>3.2</versions>
+      <version>3.2</version>
     </hash>
   </file>
 </wp-versions>
diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb
index c183bfd0..1a1d663f 100644
--- a/spec/lib/wpscan/wp_version_spec.rb
+++ b/spec/lib/wpscan/wp_version_spec.rb
@@ -226,23 +226,26 @@ describe WpVersion do
       @fixture = fixtures_dir + "/readme-3.3.2.html"
       @expected = "3.3.2"
     end
-  
+
     it "should return nil if it's not a valid version, must contains at least one '.'" do
       @fixture = fixtures_dir + "/invalid_version.html"
       @expected = nil
-    end  
+    end
   end
 
   describe "#find_from_advanced_fingerprinting" do
     let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" }
 
     it "should return 3.2.1" do
-      stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
-                              :status => 200,
-                              :fixture => "#{fixtures_dir}/3.2.1.js")
-      version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
-                                                            :wp_content_dir => "wp-content",
-                                                            :version_xml => "#{fixtures_dir}/wp_versions.xml")
+      stub_request_to_fixture(
+        :url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
+        :fixture => "#{fixtures_dir}/3.2.1.js"
+      )
+      version = WpVersion.find_from_advanced_fingerprinting(
+        :base_url => @target_uri,
+        :wp_content_dir => "wp-content",
+        :version_xml => "#{fixtures_dir}/wp_versions.xml"
+      )
       version.should == "3.2.1"
     end
   end
@@ -251,17 +254,19 @@ describe WpVersion do
     let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" }
 
     it "should return 3.4.2" do
-      stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
-                              :status => 200,
-                              :fixture => "#{fixtures_dir}/wp-links-opml.xml")
+      stub_request_to_fixture(
+        :url => @target_uri.merge("wp-links-opml.php").to_s,
+        :fixture => "#{fixtures_dir}/wp-links-opml.xml"
+      )
       version = WpVersion.find_from_links_opml(:base_url => @target_uri)
       version.should == "3.4.2"
     end
 
     it "should return nil" do
-      stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
-                              :status => 200,
-                              :fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml")
+      stub_request_to_fixture(
+        :url => @target_uri.merge("wp-links-opml.php").to_s,
+        :fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml"
+      )
       version = WpVersion.find_from_links_opml(:base_url => @target_uri)
       version.should be_nil
     end
@@ -282,9 +287,10 @@ describe WpVersion do
       # All requests get a HTTP 404
       stub_request(:any, /.*/).to_return(:status => 404)
       # Wordpress Version 3.2.1
-      stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
-                              :status => 200,
-                              :fixture => "#{fixtures_dir}/3.2.1.js")
+      stub_request_to_fixture(
+        :url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
+        :fixture => "#{fixtures_dir}/3.2.1.js"
+      )
       version = WpVersion.find(@target_uri, "wp-content")
       version.number.should == "3.2.1"
       version.discovery_method.should == "advanced fingerprinting"