From 49efbf25ead977c8a6bb97806126656d71831ee6 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Wed, 3 Apr 2019 08:22:31 +0100
Subject: [PATCH] Adds detection of Plugin/Theme via errors 500 and custom 401/403 - Fixes #1090
---
 app/finders/plugins/known_locations.rb | 4 ++--
 app/finders/themes/known_locations.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/finders/plugins/known_locations.rb b/app/finders/plugins/known_locations.rb
index 372d0c40..fbc1a442 100644
--- a/app/finders/plugins/known_locations.rb
+++ b/app/finders/plugins/known_locations.rb
@@ -9,7 +9,7 @@ module WPScan
 # @return [ Array ]
 def valid_response_codes
- @valid_response_codes ||= [200, 401, 403, 301]
+ @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
 end
 # @param [ Hash ] opts
@@ -19,7 +19,7 @@ module WPScan
 def aggressive(opts = {})
 found = []
- enumerate(target_urls(opts), opts.merge(check_full_response: 200)) do |_res, slug|
+ enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
 found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
 end
diff --git a/app/finders/themes/known_locations.rb b/app/finders/themes/known_locations.rb
index 9574b072..df00086f 100644
--- a/app/finders/themes/known_locations.rb
+++ b/app/finders/themes/known_locations.rb
@@ -9,7 +9,7 @@ module WPScan
 # @return [ Array ]
 def valid_response_codes
- @valid_response_codes ||= [200, 401, 403, 301]
+ @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
 end
 # @param [ Hash ] opts
@@ -19,7 +19,7 @@ module WPScan
 def aggressive(opts = {})
 found = []
- enumerate(target_urls(opts), opts.merge(check_full_response: 200)) do |_res, slug|
+ enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
 found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
 end
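Review bot: Nothing on `valid_response_codes` in app/finders/plugins/known_locations.rb explains why a 500 now counts as evidence that a plugin directory exists, and the same undocumented line is added in app/finders/themes/known_locations.rb. A host that answers 500 or a blanket 403 to every path (a WAF, a rate limiter, a broken vhost) would then rely entirely on the full-response comparison inside `enumerate` to avoid reporting every slug as found; that code is outside this patch, so it cannot be confirmed from here. I would document the contract above the method, for example `# 401/403/500 are accepted only because enumerate compares the body with the homepage and 404 pages; 301 is taken as-is`, adjusted to what the enumerator really does. The diffstat lists only the two finder files, so a spec for a target that returns 500 to unknown paths appears to be missing.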
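Review bot: The list in `check_full_response: [200, 401, 403, 500]` inside `aggressive` (plugins finder, and identically in the themes finder) repeats `valid_response_codes` by hand with 301 left out, so the two will drift the next time a status code is added. Deriving it keeps one source of truth: `enumerate(target_urls(opts), opts.merge(check_full_response: valid_response_codes - [301])) do |_res, slug|`. The block also still discards the response and reports `confidence: 80` whether the hit was a 200 or a 500; an error-based match is weaker evidence, so naming the parameter `res` and lowering the confidence for non-200 codes, or recording the code in the finding, would let a reader of the report judge it. `aggressive` continues past the end of the hunk.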