diff --git a/lib/common_helper.rb b/lib/common_helper.rb
index 23e9048f..ef2bb2c0 100644
--- a/lib/common_helper.rb
+++ b/lib/common_helper.rb
@@ -51,6 +51,31 @@ def add_trailing_slash(url)
url
end
+# Gets the string all elements in stringarray ends with
+def get_equal_string_end(stringarray = [""])
+ already_found = ""
+ looping = true
+ counter = -1
+ if stringarray.kind_of? Array and stringarray.length > 1
+ base = stringarray[0]
+ while looping
+ character = base[counter, 1]
+ stringarray.each do |s|
+ if s[counter, 1] != character
+ looping = false
+ break
+ end
+ end
+ if looping == false or (counter * -1 ) >= base.length
+ break
+ end
+ already_found = "#{character if character}#{already_found}"
+ counter -= 1
+ end
+ end
+ already_found
+end
+
if RUBY_VERSION < "1.9"
class Array
# Fix for grep with symbols in ruby <= 1.8.7
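Review bot: In `get_equal_string_end` the length check `(counter * -1 ) >= base.length` runs before the current character is appended, so the first character of `stringarray[0]` can never become part of the result. For `["ab", "ab"]` the method returns `"b"`, and for `["ab", "cab"]` it also returns `"b"` although the common ending is `"ab"`. Reordering the tail of the loop fixes this: `break unless looping`, then `already_found = "#{character}#{already_found}"`, then `break if -counter >= base.length` before decrementing `counter`. The method also assumes every element is a String, since a `nil` entry would raise on `s[counter, 1]`; a short comment stating that contract and the empty-string return for fewer than two elements would help callers.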
diff --git a/lib/wpscan/modules/wp_usernames.rb b/lib/wpscan/modules/wp_usernames.rb
index 110d5126..fff10725 100644
--- a/lib/wpscan/modules/wp_usernames.rb
+++ b/lib/wpscan/modules/wp_usernames.rb
@@ -51,6 +51,7 @@ module WpUsernames
:real_name => real_name ? real_name : "empty"}
end
end
+ usernames = remove_junk_from_real_name(usernames)
# clean the array, remove nils and possible duplicates
usernames.flatten!
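Review bot: The new call to `remove_junk_from_real_name(usernames)` runs before `usernames.flatten!` and the cleanup that the following comment describes as removing nils and duplicates. The helper indexes every element with `u[:real_name]`, so if the array can still hold a `nil` or a nested array at this point (the cleanup comment suggests it might, though the code that builds it is outside this hunk), the call would raise instead of being cleaned up. Moving the call below the cleanup step, or skipping non-Hash entries inside the helper, avoids depending on that ordering.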
@@ -79,6 +80,21 @@ module WpUsernames
body[%r{
([^<]*)}i, 1]
end
+ def remove_junk_from_real_name(usernames)
+ real_names = []
+ usernames.each do |u|
+ real_name = u[:real_name]
+ unless real_name == "empty"
+ real_names << real_name
+ end
+ end
+ junk = get_equal_string_end(real_names)
+ usernames.each do |u|
+ u[:real_name] = u[:real_name].sub(/#{junk}$/, "")
+ end
+ usernames
+ end
+
def author_url(author_id)
@uri.merge("?author=#{author_id}").to_s
end
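Review bot: `junk` is interpolated into the regex in `remove_junk_from_real_name` without escaping, and it is computed from the `:real_name` values, which appear to be taken from the scanned site's responses. A shared suffix containing regex metacharacters such as `|`, `(` or `?` will either strip the wrong text or raise `RegexpError` and abort the enumeration. Escape the suffix and anchor at end of string rather than end of line: `u[:real_name] = u[:real_name].sub(/#{Regexp.escape(junk)}\z/, "")`. The substitution is also applied to entries holding the `"empty"` placeholder, which were left out when `junk` was computed; skipping them in the second loop keeps the sentinel intact.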
diff --git a/spec/lib/common_helper_spec.rb b/spec/lib/common_helper_spec.rb
new file mode 100644
index 00000000..104b130e
--- /dev/null
+++ b/spec/lib/common_helper_spec.rb
@@ -0,0 +1,69 @@
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#++
+
+require File.expand_path(File.dirname(__FILE__) + '../../../lib/wpscan/wpscan_helper')
+
+describe "common_helper" do
+ describe "#get_equal_string" do
+ after :each do
+ output = get_equal_string_end(@input)
+ output.should == @expected
+ end
+
+ it "sould return an empty string" do
+ @input = [""]
+ @expected = ""
+ end
+
+ it "sould return an empty string" do
+ @input = []
+ @expected = ""
+ end
+
+ it "sould return asdf" do
+ @input = ["kjh asdf", "oijr asdf"]
+ @expected = " asdf"
+ end
+
+ it "sould return « BlogName" do
+ @input = ["user1 « BlogName",
+ "user2 « BlogName",
+ "user3 « BlogName",
+ "user4 « BlogName"]
+ @expected = " « BlogName"
+ end
+
+ it "sould return an empty string" do
+ @input = %w{user1 user2 user3 user4}
+ @expected = ""
+ end
+
+ it "sould return an empty string" do
+ @input = ["user1 « BlogName",
+ "user2 « BlogName",
+ "user3 « BlogName",
+ "user4 « BlogNamea"]
+ @expected = ""
+ end
+
+ it "sould return an empty string" do
+ @input = %w{ user1 }
+ @expected = ""
+ end
+ end
+end
\ No newline at end of file
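Review bot: The examples do not cover inputs where every string is identical or where the first element is shorter than the others, e.g. `["ab", "ab"]` or `["ab", "cab"]`, which is exactly where `get_equal_string_end` stops one character early. Adding those two cases would pin the boundary behaviour. The assertion sits in the `after :each` hook, so a failure is reported from the hook rather than from the example; putting `get_equal_string_end(input).should == expected` in each `it` is clearer. The group is named `#get_equal_string` rather than `#get_equal_string_end`, and several examples share the description "sould return an empty string", which makes failures hard to tell apart.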