garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes non detection of plugins/themes from homepage in some cases

Browse Source
This commit is contained in:
erwanlr
2019-10-10 22:33:19 +01:00
parent a9062db57f
commit 40c2e9a54b
5 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
spec/app/finders/plugins/urls_in_homepage_spec.rb
View File

@@ -3,14 +3,16 @@
describe WPScan::Finders::Plugins::UrlsInHomepage do
subject(:finder) { described_class.new(target) }
let(:target) { WPScan::Target.new(url) }
let(:url) { 'http://wp.lab/' }
let(:url) { 'https://wp.lab/' }
let(:fixtures) { FINDERS_FIXTURES.join('plugins', 'urls_in_homepage') }
before { target.scope << 'sub.lab' }
it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
let(:type) { 'plugins' }
let(:uniq_links) { true }
let(:uniq_codes) { true }
let(:expected_from_links) { (1..4).map { |i| "dl-#{i}" } }
let(:expected_from_links) { (1..5).map { |i| "dl-#{i}" } }
let(:expected_from_codes) { (1..6).map { |i| "dc-#{i}" } }
end

2
spec/app/finders/themes/urls_in_homepage_spec.rb
View File

@@ -6,6 +6,8 @@ describe WPScan::Finders::Themes::UrlsInHomepage do
let(:url) { 'http://wp.lab/' }
let(:fixtures) { FINDERS_FIXTURES.join('themes', 'urls_in_homepage') }
# before { target.scope << 'sub.lab' }
it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
let(:type) { 'themes' }
let(:uniq_links) { true }

8
spec/fixtures/finders/plugins/urls_in_homepage/found.html vendored
View File

@@ -8,7 +8,7 @@
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
<!-- plugins that should be detected -->
<link rel='stylesheet' href='http://wp.lab/wp-content/plugins/dl-1/cache/7f81.css?m=12' type='text/css' media='screen'/>
<link rel='stylesheet' href='https://wp.lab/wp-content/plugins/dl-1/cache/7f81.css?m=12' type='text/css' media='screen'/>
<link rel="stylesheet" href="/wp-content/plugins/dl-2/css/frontend.css?ver=3.9.2"/>
<script type='text/javascript' src='http://wp.lab/wp-content/plugins/dl-3/s2member-o.php?ws=1'></script>
@@ -17,6 +17,12 @@
<!-- Duplicate, dl-4 should only be detected once -->
<script type='text/javascript' src='/wp-content/plugins/dl-4/main2.js'></script>
<!-- in scope domain -->
<link rel="stylesheet" href="http://sub.lab/wp-content/plugins/dl-5/css/"/>
<!-- Should not be detected -->
<link rel="stylesheet" href="https://wp.lab/wp-content/plugins//css/"/>
<link rel="stylesheet" href="http://sub.lab/wp-content/plugins/ /aa/"/>
<a href="http://wp.lab/wp-content/plugins/somefile.php">It should not be detected</a>
<style type="text/css">

2
spec/fixtures/finders/themes/urls_in_homepage/found.html vendored
View File

@@ -1,6 +1,6 @@
<link rel='stylesheet' href='http://wp.lab/wp-content/themes/dl-1/style.css?ver=4.1.1' type='text/css' media='all'>
<img src="http://wp.lab/wp-content/themes/image.png" alt="Should not be detected" />
<img src="https://wp.lab/wp-content/themes/image.png" alt="Should not be detected" />
<style type="text/css">
#fancybox-loading.fancybox-ie div {