garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WpVersion::Findable specs

Browse Source
This commit is contained in:
erwanlr
2013-03-28 20:48:19 +01:00
parent a7bd5044c4
commit 565bfceb49
97 changed files with 456 additions and 18105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/common/models/wp_version.rb
View File

@@ -16,4 +16,11 @@ class WpVersion < WpItem
# @return [ Array ]
def allowed_options; super << :number << :found_from end
# @param [ WpVersion ] other
#
# @return [ Boolean ]
def ==(other)
number == other.number
end
end

112
lib/common/models/wp_version/findable.rb
View File

@@ -3,32 +3,46 @@
class WpVersion < WpItem
module Findable
@@version_xml = WP_VERSIONS_FILE
def version_xml
@@version_xml
end
def version_xml=(xml)
if File.exists?(xml)
@@version_xml = xml
else
raise "The file #{xml} does not exist"
end
end
# Find the version of the wp_target blog
# returns a WpVersion object or nil
def find(target_uri, wp_content_dir, wp_plugins_dir)
# Find the version of the blog designated from target_uri
#
# @param [ URI ] target_uri
# @param [ String ] wp_content_dir
# @param [ String ] wp_plugins_dir
#
# @return [ WpVersion ]
def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
methods.grep(/find_from_/).each do |method|
if version = send(method, target_uri, wp_content_dir, wp_plugins_dir)
if method === :find_from_advanced_fingerprinting
version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
else
version = send(method, target_uri)
end
if version
return new(target_uri, number: version, found_from: method)
end
end
nil
end
# Used to check if the version is correct: must contain at least one dot.
#
# @return [ String ]
def version_pattern
'([^\r\n"\']+\.[^\r\n"\']+)'
end
protected
# Returns the first match of <pattern> in the body of the url
#
# @param [ URI ] target_uri
# @param [ Regex ] pattern
# @param [ String ] path
#
# @return [ String ]
def scan_url(target_uri, pattern, path = nil)
url = path ? target_uri.merge(path).to_s : target_uri.to_s
response = Browser.instance.get_and_follow_location(url)
@@ -47,7 +61,11 @@ class WpVersion < WpItem
#
# The meta tag can be removed however it seems,
# that it is reinstated on upgrade.
def find_from_meta_generator(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_meta_generator(target_uri)
scan_url(
target_uri,
%r{name="generator" content="wordpress #{version_pattern}"}i
@@ -56,7 +74,11 @@ class WpVersion < WpItem
# Attempts to find the WordPress version from,
# the generator tag in the RSS feed source.
def find_from_rss_generator(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_rss_generator(target_uri)
scan_url(
target_uri,
%r{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>}i,
@@ -66,7 +88,11 @@ class WpVersion < WpItem
# Attempts to find WordPress version from,
# the generator tag in the RDF feed source.
def find_from_rdf_generator(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_rdf_generator(target_uri)
scan_url(
target_uri,
%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />}i,
@@ -78,7 +104,7 @@ class WpVersion < WpItem
# the generator tag in the RSS2 feed source.
#
# Have not been able to find an example of this - Ryan
#def find_from_rss2_generator(target_uri, wp_content_dir, wp_plugins_dir)
#def find_from_rss2_generator(target_uri)
# scan_url(
# target_uri,
# %r{<generator>http://wordpress.org/?v=(#{WpVersion.version_pattern})</generator>}i,
@@ -88,7 +114,11 @@ class WpVersion < WpItem
# Attempts to find the WordPress version from,
# the generator tag in the Atom source.
def find_from_atom_generator(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_atom_generator(target_uri)
scan_url(
target_uri,
%r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>}i,
@@ -100,7 +130,7 @@ class WpVersion < WpItem
# the generator tag in the comment rss source.
#
# Have not been able to find an example of this - Ryan
#def find_from_comments_rss_generator(target_uri, wp_content_dir, wp_plugins_dir)
#def find_from_comments_rss_generator(target_uri)
# scan_url(
# target_uri,
# %r{<!-- generator="WordPress/#{WpVersion.version_pattern}" -->}i,
@@ -115,10 +145,17 @@ class WpVersion < WpItem
#
# /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
#
def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir)
xml = xml(version_xml)
# @param [ URI ] target_uri
# @param [ String ] wp_content_dir
# @param [ String ] wp_plugins_dir
# @param [ String ] versions_xml The path to the xml containing all versions
#
# @return [ String ] The version number
def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
xml = xml(versions_xml)
# This wp_item will take care of encoding the path
# and replace variables like $wp-content$ and $wp-plugins$
# and replace variables like $wp-content$ & $wp-plugins$
wp_item = WpItem.new(target_uri,
wp_content_dir: wp_content_dir,
wp_plugins_dir: wp_plugins_dir)
@@ -139,7 +176,11 @@ class WpVersion < WpItem
end
# Attempts to find the WordPress version from the readme.html file.
def find_from_readme(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_readme(target_uri)
scan_url(
target_uri,
%r{<br />\sversion #{version_pattern}}i,
@@ -150,7 +191,11 @@ class WpVersion < WpItem
# Attempts to find the WordPress version from the sitemap.xml file.
#
# See: http://code.google.com/p/wpscan/issues/detail?id=109
def find_from_sitemap_generator(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_sitemap_generator(target_uri)
scan_url(
target_uri,
%r{generator="wordpress/#{version_pattern}"}i,
@@ -159,7 +204,11 @@ class WpVersion < WpItem
end
# Attempts to find the WordPress version from the p-links-opml.php file.
def find_from_links_opml(target_uri, wp_content_dir, wp_plugins_dir)
#
# @param [ URI ] target_uri
#
# @return [ String ] The version number
def find_from_links_opml(target_uri)
scan_url(
target_uri,
%r{generator="wordpress/#{version_pattern}"}i,
@@ -167,10 +216,5 @@ class WpVersion < WpItem
)
end
# Used to check if the version is correct: must contain at least one dot.
def version_pattern
'([^\r\n"\']+\.[^\r\n"\']+)'
end
end
end

2
lib/common/models/wp_version/vulnerable.rb
View File

@@ -3,6 +3,7 @@
class WpVersion < WpItem
module Vulnerable
# @return [ String ] The path to the file containing vulnerabilities
def vulns_file
unless @vulns_file
@vulns_file = WP_VULNS_FILE
@@ -10,6 +11,7 @@ class WpVersion < WpItem
@vulns_file
end
# @return [ String ]
def vulns_xpath
"//wordpress[@version='#{@number}']/vulnerability"
end

8
lib/wpscan/wp_target.rb
View File

@@ -86,9 +86,11 @@ class WpTarget < WebSite
WpTheme.find(@uri)
end
# return WpVersion
def version
WpVersion.find(@uri, wp_content_dir, wp_plugins_dir)
# @param [ String ] versions_xml
#
# @return [ WpVersion ]
def version(versions_xml)
WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
end
def has_plugin?(name, version = nil)