check directory listing in wp-includes

2016-05-05 00:01:52 +02:00
parent fe401e622b
commit 49d0a9e6d9
2 changed files with 13 additions and 0 deletions
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -135,6 +135,11 @@ class WpTarget < WebSite
    @uri.merge("#{wp_content_dir}/uploads/").to_s
  end

+  # @return [ String ]
+  def includes_dir_url
+    @uri.merge("wp-includes/").to_s
+  end
+
  # Script for replacing strings in wordpress databases
  # reveals database credentials after hitting submit
  # http://interconnectit.com/124/search-and-replace-for-wordpress-databases/
@@ -153,4 +158,8 @@ class WpTarget < WebSite
  def upload_directory_listing_enabled?
    directory_listing_enabled?(upload_dir_url)
  end
+
+  def include_directory_listing_enabled?
+    directory_listing_enabled?(includes_dir_url)
+  end
 end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -221,6 +221,10 @@ def main
      puts warning("Upload directory has directory listing enabled: #{wp_target.upload_dir_url}")
    end

+    if wp_target.include_directory_listing_enabled?
+      puts warning("Includes directory has directory listing enabled: #{wp_target.includes_dir_url}")
+    end
+
    enum_options = {
      show_progression: true,
      exclude_content: wpscan_options.exclude_content_based