garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check directory listing in wp-includes

Browse Source
This commit is contained in:
Christian Mehlmauer
2016-05-05 00:01:52 +02:00
parent fe401e622b
commit 49d0a9e6d9
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/wpscan/wp_target.rb
View File

@@ -135,6 +135,11 @@ class WpTarget < WebSite
@uri.merge("#{wp_content_dir}/uploads/").to_s @uri.merge("#{wp_content_dir}/uploads/").to_s
end end
# @return [ String ]
def includes_dir_url
@uri.merge("wp-includes/").to_s
end
# Script for replacing strings in wordpress databases # Script for replacing strings in wordpress databases
# reveals database credentials after hitting submit # reveals database credentials after hitting submit
# http://interconnectit.com/124/search-and-replace-for-wordpress-databases/ # http://interconnectit.com/124/search-and-replace-for-wordpress-databases/
@@ -153,4 +158,8 @@ class WpTarget < WebSite
def upload_directory_listing_enabled? def upload_directory_listing_enabled?
directory_listing_enabled?(upload_dir_url) directory_listing_enabled?(upload_dir_url)
end end
def include_directory_listing_enabled?
directory_listing_enabled?(includes_dir_url)
end
end end

4
wpscan.rb
View File

@@ -221,6 +221,10 @@ def main
puts warning("Upload directory has directory listing enabled: #{wp_target.upload_dir_url}") puts warning("Upload directory has directory listing enabled: #{wp_target.upload_dir_url}")
end end
if wp_target.include_directory_listing_enabled?
puts warning("Includes directory has directory listing enabled: #{wp_target.includes_dir_url}")
end
enum_options = { enum_options = {
show_progression: true, show_progression: true,
exclude_content: wpscan_options.exclude_content_based exclude_content: wpscan_options.exclude_content_based