garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1317

Browse Source
This commit is contained in:
erwanlr
2019-03-20 07:47:28 +00:00
parent 9685568c75
commit 5f2b8f8a2e
2 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/finders/users/rss_generator.rb
View File

@@ -17,20 +17,20 @@ module WPScan
begin begin
res.xml.xpath('//item/dc:creator').each do |node| res.xml.xpath('//item/dc:creator').each do |node|
potential_username = node.text.to_s username = node.text.to_s
# Ignoring potential username longer than 60 characters and containing accents # Ignoring potential username longer than 60 characters and containing accents
# as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215 # as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215
next if potential_username.length > 60 || potential_username =~ /[^\x00-\x7F]/ next if username.strip.empty? || username.length > 60 || username =~ /[^\x00-\x7F]/
potential_usernames << potential_username potential_usernames << username
end end
rescue Nokogiri::XML::XPath::SyntaxError rescue Nokogiri::XML::XPath::SyntaxError
next next
end end
potential_usernames.uniq.each do |potential_username| potential_usernames.uniq.each do |username|
found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50) found << CMSScanner::User.new(username, found_by: found_by, confidence: 50)
end end
break break

18
spec/fixtures/finders/users/rss_generator/feed.xml vendored
View File

@@ -59,5 +59,23 @@
<dc:creator><dc:creator><![CDATA[Michael Schrage. <p>Michael Schrage is a researcher at the MIT Sloan School of Management Initiative on the Digital Economy, where he does research and advisory work on how digital media transforms agency, human capital, and innovation.</p> <dc:creator><dc:creator><![CDATA[Michael Schrage. <p>Michael Schrage is a researcher at the MIT Sloan School of Management Initiative on the Digital Economy, where he does research and advisory work on how digital media transforms agency, human capital, and innovation.</p>
]]></dc:creator></dc:creator> ]]></dc:creator></dc:creator>
</item> </item>
<item>
<title>Hello world!</title>
<link>http://ex.lo/2018/09/23/hello-world/</link>
<comments>http://ex.lo/2018/09/23/hello-world/#comments</comments>
<pubDate>Sun, 23 Sep 2018 11:31:56 +0000</pubDate>
<!-- Should be ignored as empty username -->
<dc:creator><![CDATA[]]></dc:creator>
</item>
<item>
<title>Hello world!</title>
<link>http://ex.lo/2018/09/23/hello-world/</link>
<comments>http://ex.lo/2018/09/23/hello-world/#comments</comments>
<pubDate>Sun, 23 Sep 2018 11:31:56 +0000</pubDate>
<!-- Should be ignored as empty username -->
<dc:creator><![CDATA[ ]]></dc:creator>
</item>
</channel> </channel>
</rss> </rss>