From 62600b3a66adca431ea29936b2df9bf5fc03b29d Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 11 Oct 2019 14:32:00 +0100
Subject: [PATCH] Fixes #1411

---
 lib/wpscan/target/platform/wordpress/custom_directories.rb   | 2 +-
 .../custom_directories/themes_path_plugin_folder.html        | 5 +++++
 .../target/platform/wordpress/custom_directories.rb          | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 spec/fixtures/target/platform/wordpress/custom_directories/themes_path_plugin_folder.html

diff --git a/lib/wpscan/target/platform/wordpress/custom_directories.rb b/lib/wpscan/target/platform/wordpress/custom_directories.rb
index f8989c89..83499180 100644
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -17,7 +17,7 @@ module WPScan
         def content_dir
           unless @content_dir
             # scope_url_pattern is from CMSScanner::Target
-            pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i
+            pattern = %r{#{scope_url_pattern}([\w\s\-/]+?)\\?/(?:themes|plugins|uploads|cache)\\?/}i
 
             in_scope_uris(homepage_res) do |uri|
               return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
diff --git a/spec/fixtures/target/platform/wordpress/custom_directories/themes_path_plugin_folder.html b/spec/fixtures/target/platform/wordpress/custom_directories/themes_path_plugin_folder.html
new file mode 100644
index 00000000..653a3ed3
--- /dev/null
+++ b/spec/fixtures/target/platform/wordpress/custom_directories/themes_path_plugin_folder.html
@@ -0,0 +1,5 @@
+
+<link rel="stylesheet" href="http://ex.lo/wp-content/plugins/wp-lightbox/js/lightbox/themes/default/jquery.lightbox.css" type="text/css" media="all"/>
+<!--[if IE 6]>
+<link rel="stylesheet" href="http://ex.lo/wp-content/plugins/wp-lightbox/js/lightbox/themes/default/jquery.lightbox.ie6.css" type="text/css" media="all"/>
+<![endif]-->
diff --git a/spec/shared_examples/target/platform/wordpress/custom_directories.rb b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
index ec124d39..2cda36dc 100644
--- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb
+++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
@@ -8,7 +8,8 @@ shared_examples 'WordPress::CustomDirectories' do
       default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces',
       relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content',
       in_raw_js: 'wp-content', in_raw_js_escaped: 'wp-content', with_sub_dir: 'app',
-      relative_two_sub_dir: 'cms/wp-content', in_meta_content: 'wp-content'
+      relative_two_sub_dir: 'cms/wp-content', in_meta_content: 'wp-content',
+      themes_path_plugin_folder: 'wp-content'
     }.each do |file, expected|
       it "returns #{expected} for #{file}.html" do
         stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html")))