Scoring system removed from version finderprinting

This commit is contained in:
erwanlr
2012-12-11 20:29:50 +01:00
parent b43a56fd38
commit 32506ca830
4 changed files with 55 additions and 89 deletions


@@ -26,41 +26,35 @@ ryandewhurst at gmail
Position is important, DO NOT change anything unless you know what you are doing :p
-->
<wp-versions>
<wp-version>
<file src="wp-includes/js/wp-lists.js">
<hash md5="87ce7e6067f829ba65df86fddb32bf5b">
<score>1</score>
<versions>3.5</versions>
<version>3.5</version>
</hash>
<hash md5="46e1341cd4ea49f31046f7d7962adc7f">
<score>1</score>
<versions>3.4.2</versions>
<version>3.4.2</version>
</hash>
</file>
<file src="wp-includes/js/customize-preview.js">
<hash md5="617d9fd858e117c7d1d087be168b5643">
<score>1</score>
<versions>3.4.1</versions>
<version>3.4.1</version>
</hash>
<hash md5="da36bc2dfcb13350c799b62de68dfa4b">
<score>1</score>
<versions>3.4</versions>
<version>3.4</version>
</hash>
<hash md5="a8a259fc5197a78ffe62d6be38dc52f8">
<score>1</score>
<versions>3.4-beta4</versions>
<version>3.4-beta4</version>
</hash>
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<score>1</score>
<versions>3.3.2</versions>
<version>3.3.2</version>
</hash>
</file>
@@ -70,8 +64,7 @@ ryandewhurst at gmail
<!-- same md5 for 3.3.2 -->
<hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
<score>1</score>
<versions>3.3.1</versions>
<version>3.3.1</version>
</hash>
</file>
@@ -80,13 +73,11 @@ ryandewhurst at gmail
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<score>1</score>
<versions>3.2.1</versions>
<version>3.2.1</version>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<score>1</score>
<versions>3.2</versions>
<version>3.2</version>
</hash>
</file>
@@ -95,8 +86,7 @@ ryandewhurst at gmail
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<score>1</score>
<versions>3.3</versions>
<version>3.3</version>
</hash>
</file>
@@ -105,8 +95,7 @@ ryandewhurst at gmail
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<score>1</score>
<versions>3.1</versions>
<version>3.1</version>
</hash>
</file>
@@ -115,8 +104,7 @@ ryandewhurst at gmail
<file src="$wp-content$/themes/twentyten/style.css">
<hash md5="6211e2ac1463bf99e98f28ab63e47c54">
<score>1</score>
<versions>3.0</versions>
<version>3.0</version>
</hash>
</file>
@@ -125,18 +113,15 @@ ryandewhurst at gmail
<file src="$wp-plugins$/akismet/readme.txt">
<hash md5="4d5e52da417aa0101054bd41e6243389">
<score>1</score>
<versions>2.8.6</versions>
<version>2.8.6</version>
</hash>
<hash md5="58e086dea9d24ed074fe84ba87386c69">
<score>1</score>
<versions>2.8.5</versions>
<version>2.8.5</version>
</hash>
<hash md5="48c52025b5f28731e9a0c864c189c2e7">
<score>1</score>
<versions>2.8.2</versions>
<version>2.8.2</version>
</hash>
</file>
@@ -145,8 +130,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/wp-ajax-response.js">
<hash md5="0289d1c13821599764774d55516ab81a">
<score>1</score>
<versions>2.7.1</versions>
<version>2.7.1</version>
</hash>
</file>
@@ -155,8 +139,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/thickbox/thickbox.css">
<hash md5="9c2bd2be0893adbe02a0f864526734c2">
<score>1</score>
<versions>2.7</versions>
<version>2.7</version>
</hash>
</file>
@@ -165,8 +148,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
<hash md5="5b140ddf0f08034402ae78b31d8a1a28">
<score>1</score>
<versions>2.6</versions>
<version>2.6</version>
</hash>
</file>
@@ -175,8 +157,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
<hash md5="088245408531c58bb52cc092294cc384">
<score>1</score>
<versions>2.5.1</versions>
<version>2.5.1</version>
</hash>
</file>
@@ -185,8 +166,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
<hash md5="19c6f3118728c38eb7779aab4847d2d9">
<score>1</score>
<versions>2.5</versions>
<version>2.5</version>
</hash>
</file>
@@ -195,8 +175,7 @@ ryandewhurst at gmail
<file src="wp-includes/js/wp-ajax.js">
<hash md5="c5dbce0c3232c477033e0ce486c62755">
<score>1</score>
<versions>2.2</versions>
<version>2.2</version>
</hash>
</file>
@@ -205,13 +184,11 @@ ryandewhurst at gmail
<file src="$wp-content$/themes/default/style.css">
<hash md5="e44545f529a54de88209ce588676231c">
<score>1</score>
<versions>2.0.1</versions>
<version>2.0.1</version>
</hash>
<hash md5="f786f66d3a40846aa22dcdfeb44fa562">
<score>1</score>
<versions>2.0</versions>
<version>2.0</version>
</hash>
</file>
@@ -220,13 +197,11 @@ ryandewhurst at gmail
<file src="wp-layout.css">
<hash md5="7140e06c00ed03d2bb3dad7672557510">
<score>1</score>
<versions>1.2.1</versions>
<version>1.2.1</version>
</hash>
<hash md5="1bcc9253506c067eb130c9fc4f211a2f">
<score>1</score>
<versions>1.2-delta</versions>
<version>1.2-delta</version>
</hash>
</file>
@@ -234,10 +209,9 @@ ryandewhurst at gmail
<file src="layout2b.css">
<hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
<score>1</score>
<versions>0.71-gold</versions>
<version>0.71-gold</version>
</hash>
</file>
</wp-versions>
</wp-version>


@@ -80,7 +80,7 @@ class WpVersion < Vulnerable
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge("feed/rdf/").to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]
response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]
end
# Attempts to find the WordPress version from,
@@ -118,18 +118,6 @@ class WpVersion < Vulnerable
# wordpress version.
#
# It does this by using client side file hashing
# with a scoring system.
#
# The scoring system is a number representing
# the uniqueness of a client side file across
# all versions of wordpress.
#
# Example:
#
# Score - Hash - File - Versions
# 1 - 3e63c08553696a1dedb24b22ef6783c3 - /wp-content/themes/twentyeleven/style.css - 3.2.1
# 2 - 15fc925fd39bb496871e842b2a754c76 - /wp-includes/js/wp-lists.js - 2.6,2.5.1
# 3 - 3f03bce84d1d2a169b4bf4d8a0126e38 - /wp-includes/js/autosave.js - 2.9.2,2.9.1,2.9
#
# /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
#
@@ -151,7 +139,7 @@ class WpVersion < Vulnerable
node.search('hash').each do |hash|
if hash.attribute('md5').text == md5sum
return hash.search('versions').text
return hash.search('version').text
end
end
end
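Review bot: The method comment left by the second hunk now ends with `# It does this by using client side file hashing` followed by an empty comment line, a sentence cut short when the scoring paragraph was deleted; I would reword it to `# It does this by hashing known client side files and looking the md5 up in the versions XML.`. The same comment should also record the new single-version model: the third hunk returns `hash.search('version').text` on the first md5 match, so a file whose hash is identical across several releases (the removed examples listed wp-lists.js for both 2.6 and 2.5.1, and the data file keeps a `same md5 for 3.3.2` comment) can only ever report the one release listed in the XML, which callers mapping version to vulnerabilities should treat as the most likely candidate rather than a certainty, e.g. `# /!\ Warning : a hash shared by several releases only maps to the single <version> listed in the XML`. If this is Nokogiri, `search('version').text` concatenates the text of every matching node, so a `<hash>` entry that accidentally carries two `<version>` children would yield a merged string; `hash.at('version').text` returns only the first. The enclosing method starts before the first hunk and its end lies outside the third.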


@@ -29,13 +29,11 @@ ryandewhurst at gmail
<wp-versions>
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<score>1</score>
<versions>3.2.1</versions>
<version>3.2.1</version>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<score>1</score>
<versions>3.2</versions>
<version>3.2</version>
</hash>
</file>
</wp-versions>


@@ -226,23 +226,26 @@ describe WpVersion do
@fixture = fixtures_dir + "/readme-3.3.2.html"
@expected = "3.3.2"
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.html"
@expected = nil
end
end
end
describe "#find_from_advanced_fingerprinting" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" }
it "should return 3.2.1" do
stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/3.2.1.js")
version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
:wp_content_dir => "wp-content",
:version_xml => "#{fixtures_dir}/wp_versions.xml")
stub_request_to_fixture(
:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:fixture => "#{fixtures_dir}/3.2.1.js"
)
version = WpVersion.find_from_advanced_fingerprinting(
:base_url => @target_uri,
:wp_content_dir => "wp-content",
:version_xml => "#{fixtures_dir}/wp_versions.xml"
)
version.should == "3.2.1"
end
end
@@ -251,17 +254,19 @@ describe WpVersion do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" }
it "should return 3.4.2" do
stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/wp-links-opml.xml")
stub_request_to_fixture(
:url => @target_uri.merge("wp-links-opml.php").to_s,
:fixture => "#{fixtures_dir}/wp-links-opml.xml"
)
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version.should == "3.4.2"
end
it "should return nil" do
stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml")
stub_request_to_fixture(
:url => @target_uri.merge("wp-links-opml.php").to_s,
:fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml"
)
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version.should be_nil
end
@@ -282,9 +287,10 @@ describe WpVersion do
# All requests get a HTTP 404
stub_request(:any, /.*/).to_return(:status => 404)
# Wordpress Version 3.2.1
stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/3.2.1.js")
stub_request_to_fixture(
:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:fixture => "#{fixtures_dir}/3.2.1.js"
)
version = WpVersion.find(@target_uri, "wp-content")
version.number.should == "3.2.1"
version.discovery_method.should == "advanced fingerprinting"
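Review bot: Every rewritten `stub_request_to_fixture` call in the first, second and third hunks drops the `:status => 200` option, which is only behaviour-preserving if the helper defaults the status to 200; that default is not visible on this page, so it should be confirmed in the spec helper before the tests are trusted to exercise the success path. In the third hunk the catch-all `stub_request(:any, /.*/).to_return(:status => 404)` is registered before the fixture stub, which works because WebMock gives later stubs precedence, but that ordering is load-bearing and deserves a comment such as `# registered after the 404 catch-all so it takes precedence`. The `describe "#find_from_advanced_fingerprinting"` block opens inside the first hunk, while the outer `describe WpVersion` starts outside it.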