garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed FP in rss version fingerprint. See Issue: #48

Browse Source
This commit is contained in:
ethicalhack3r
2012-10-26 13:10:48 +02:00
parent ad8b5e78ba
commit 68027cbd17
5 changed files with 337 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/wpscan/wp_version.rb
View File

@@ -62,14 +62,14 @@ class WpVersion < Vulnerable
target_uri = options[:base_url] target_uri = options[:base_url]
response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2}) response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1] response.body[%r{name="generator" content="wordpress (#{WpVersion.version_pattern})"}i, 1]
end end
def self.find_from_rss_generator(options) def self.find_from_rss_generator(options)
target_uri = options[:base_url] target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2}) response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1] response.body[%r{<generator>http://wordpress.org/\?v=(#{WpVersion.version_pattern})</generator>}i, 1]
end end
# Uses data/wp_versions.xml to try to identify a # Uses data/wp_versions.xml to try to identify a

174
spec/fixtures/wpscan/wp_version/meta-generator/invalid_version.htm vendored Executable file
View File

@@ -0,0 +1,174 @@
<!DOCTYPE html>
<!--[if IE 6]>
<html id="ie6" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 7]>
<html id="ie7" dir="ltr" lang="en-US">
<![endif]-->
<!--[if IE 8]>
<html id="ie8" dir="ltr" lang="en-US">
<![endif]-->
<!--[if !(IE 6) | !(IE 7) | !(IE 8) ]><!-->
<html dir="ltr" lang="en-US">
<!--<![endif]-->
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<title>Wordpress 3.3.2 | Just another WordPress site</title>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" media="all" href="http://lamp/wordpress-3.3.2/wp-content/themes/twentyeleven/style.css" />
<link rel="pingback" href="http://lamp/wordpress-3.3.2/xmlrpc.php" />
<!--[if lt IE 9]>
<script src="http://lamp/wordpress-3.3.2/wp-content/themes/twentyeleven/js/html5.js" type="text/javascript"></script>
<![endif]-->
<meta name='robots' content='noindex,nofollow' />
<link rel="alternate" type="application/rss+xml" title="Wordpress 3.3.2 &raquo; Feed" href="http://lamp/wordpress-3.3.2/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="Wordpress 3.3.2 &raquo; Comments Feed" href="http://lamp/wordpress-3.3.2/?feed=comments-rss2" />
<link rel='stylesheet' id='admin-bar-css' href='http://lamp/wordpress-3.3.2/wp-includes/css/admin-bar.css?ver=20111209' type='text/css' media='all' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://lamp/wordpress-3.3.2/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://lamp/wordpress-3.3.2/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 5506" />
<style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>
<style type="text/css" media="print">#wpadminbar { display:none; }</style>
<style type="text/css" media="screen">
html { margin-top: 28px !important; }
* html body { margin-top: 28px !important; }
</style>
</head>
<body class="home blog logged-in admin-bar single-author two-column right-sidebar">
<div id="page" class="hfeed">
<header id="branding" role="banner">
<hgroup>
<h1 id="site-title"><span><a href="http://lamp/wordpress-3.3.2/" title="Wordpress 3.3.2" rel="home">Wordpress 3.3.2</a></span></h1>
<h2 id="site-description">Just another WordPress site</h2>
</hgroup>
<a href="http://lamp/wordpress-3.3.2/">
<img src="http://lamp/wordpress-3.3.2/wp-content/themes/twentyeleven/images/headers/willow.jpg" width="1000" height="288" alt="" />
</a>
<form method="get" id="searchform" action="http://lamp/wordpress-3.3.2/">
<label for="s" class="assistive-text">Search</label>
<input type="text" class="field" name="s" id="s" placeholder="Search" />
<input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
</form>
<nav id="access" role="navigation">
<h3 class="assistive-text">Main menu</h3>
<div class="skip-link"><a class="assistive-text" href="#content" title="Skip to primary content">Skip to primary content</a></div>
<div class="skip-link"><a class="assistive-text" href="#secondary" title="Skip to secondary content">Skip to secondary content</a></div>
<div class="menu"><ul><li class="current_page_item"><a href="http://lamp/wordpress-3.3.2/" title="Home">Home</a></li><li class="page_item page-item-2"><a href="http://lamp/wordpress-3.3.2/?page_id=2">Sample Page</a></li></ul></div>
</nav><!-- #access -->
</header><!-- #branding -->
<div id="main">
<div id="primary">
<div id="content" role="main">
<article id="post-1" class="post-1 post type-post status-publish format-standard hentry category-uncategorized">
<header class="entry-header">
<h1 class="entry-title"><a href="http://lamp/wordpress-3.3.2/?p=1" title="Permalink to Hello world!" rel="bookmark">Hello world!</a></h1>
<div class="entry-meta">
<span class="sep">Posted on </span><a href="http://lamp/wordpress-3.3.2/?p=1" title="1:05 pm" rel="bookmark"><time class="entry-date" datetime="2012-05-02T13:05:44+00:00" pubdate>May 2, 2012</time></a><span class="by-author"> <span class="sep"> by </span> <span class="author vcard"><a class="url fn n" href="http://lamp/wordpress-3.3.2/?author=1" title="View all posts by admin" rel="author">admin</a></span></span> </div><!-- .entry-meta -->
<div class="comments-link">
<a href="http://lamp/wordpress-3.3.2/?p=1#comments" title="Comment on Hello world!">2</a> </div>
</header><!-- .entry-header -->
<div class="entry-content">
<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!</p>
</div><!-- .entry-content -->
<footer class="entry-meta">
<span class="cat-links">
<span class="entry-utility-prep entry-utility-prep-cat-links">Posted in</span> <a href="http://lamp/wordpress-3.3.2/?cat=1" title="View all posts in Uncategorized" rel="category">Uncategorized</a> </span>
<span class="sep"> | </span>
<span class="comments-link"><a href="http://lamp/wordpress-3.3.2/?p=1#comments" title="Comment on Hello world!"><b>2</b> Replies</a></span>
<span class="edit-link"><a class="post-edit-link" href="http://lamp/wordpress-3.3.2/wp-admin/post.php?post=1&amp;action=edit" title="Edit Post">Edit</a></span> </footer><!-- #entry-meta -->
</article><!-- #post-1 -->
</div><!-- #content -->
</div><!-- #primary -->
<div id="secondary" class="widget-area" role="complementary">
<aside id="search-2" class="widget widget_search"> <form method="get" id="searchform" action="http://lamp/wordpress-3.3.2/">
<label for="s" class="assistive-text">Search</label>
<input type="text" class="field" name="s" id="s" placeholder="Search" />
<input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
</form>
</aside> <aside id="recent-posts-2" class="widget widget_recent_entries"> <h3 class="widget-title">Recent Posts</h3> <ul>
<li><a href="http://lamp/wordpress-3.3.2/?p=1" title="Hello world!">Hello world!</a></li>
</ul>
</aside><aside id="recent-comments-2" class="widget widget_recent_comments"><h3 class="widget-title">Recent Comments</h3><ul id="recentcomments"><li class="recentcomments">Pwet on <a href="http://lamp/wordpress-3.3.2/?p=1#comment-2">Hello world!</a></li><li class="recentcomments"><a href='http://wordpress.org/' rel='external nofollow' class='url'>Mr WordPress</a> on <a href="http://lamp/wordpress-3.3.2/?p=1#comment-1">Hello world!</a></li></ul></aside><aside id="archives-2" class="widget widget_archive"><h3 class="widget-title">Archives</h3> <ul>
<li><a href='http://lamp/wordpress-3.3.2/?m=201205' title='May 2012'>May 2012</a></li>
</ul>
</aside><aside id="categories-2" class="widget widget_categories"><h3 class="widget-title">Categories</h3> <ul>
<li class="cat-item cat-item-1"><a href="http://lamp/wordpress-3.3.2/?cat=1" title="View all posts filed under Uncategorized">Uncategorized</a>
</li>
</ul>
</aside><aside id="meta-2" class="widget widget_meta"><h3 class="widget-title">Meta</h3> <ul>
<li><a href="http://lamp/wordpress-3.3.2/wp-admin/">Site Admin</a></li> <li><a href="http://lamp/wordpress-3.3.2/wp-login.php?action=logout&#038;_wpnonce=56da14efc4">Log out</a></li>
<li><a href="http://lamp/wordpress-3.3.2/?feed=rss2" title="Syndicate this site using RSS 2.0">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://lamp/wordpress-3.3.2/?feed=comments-rss2" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a></li>
</ul>
</aside> </div><!-- #secondary .widget-area -->
</div><!-- #main -->
<footer id="colophon" role="contentinfo">
<div id="site-generator">
<a href="http://wordpress.org/" title="Semantic Personal Publishing Platform" rel="generator">Proudly powered by WordPress</a>
</div>
</footer><!-- #colophon -->
</div><!-- #page -->
<script type='text/javascript' src='http://lamp/wordpress-3.3.2/wp-includes/js/admin-bar.js?ver=20111130'></script>
<div id="wpadminbar" class="nojq nojs" role="navigation">
<div class="quicklinks">
<ul id="wp-admin-bar-root-default" class="ab-top-menu">
<li id="wp-admin-bar-wp-logo" class="menupop"><a class="ab-item" tabindex="10" aria-haspopup="true" href="http://lamp/wordpress-3.3.2/wp-admin/about.php" title="About WordPress"><span class="ab-icon"></span></a><div class="ab-sub-wrapper"><ul id="wp-admin-bar-wp-logo-default" class="ab-submenu">
<li id="wp-admin-bar-about" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/about.php">About WordPress</a> </li></ul><ul id="wp-admin-bar-wp-logo-external" class="ab-sub-secondary ab-submenu">
<li id="wp-admin-bar-wporg" class=""><a class="ab-item" tabindex="10" href="http://wordpress.org">WordPress.org</a> </li>
<li id="wp-admin-bar-documentation" class=""><a class="ab-item" tabindex="10" href="http://codex.wordpress.org">Documentation</a> </li>
<li id="wp-admin-bar-support-forums" class=""><a class="ab-item" tabindex="10" href="http://wordpress.org/support/">Support Forums</a> </li>
<li id="wp-admin-bar-feedback" class=""><a class="ab-item" tabindex="10" href="http://wordpress.org/support/forum/requests-and-feedback">Feedback</a> </li></ul></div> </li>
<li id="wp-admin-bar-site-name" class="menupop"><a class="ab-item" tabindex="10" aria-haspopup="true" href="http://lamp/wordpress-3.3.2/wp-admin/">Wordpress 3.3.2</a><div class="ab-sub-wrapper"><ul id="wp-admin-bar-site-name-default" class="ab-submenu">
<li id="wp-admin-bar-dashboard" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/">Dashboard</a> </li></ul><ul id="wp-admin-bar-appearance" class=" ab-submenu">
<li id="wp-admin-bar-themes" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/themes.php">Themes</a> </li>
<li id="wp-admin-bar-widgets" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/widgets.php">Widgets</a> </li>
<li id="wp-admin-bar-menus" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/nav-menus.php">Menus</a> </li>
<li id="wp-admin-bar-background" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/themes.php?page=custom-background">Background</a> </li>
<li id="wp-admin-bar-header" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/themes.php?page=custom-header">Header</a> </li></ul></div> </li>
<li id="wp-admin-bar-comments" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/edit-comments.php" title="0 comments awaiting moderation"><span class="ab-icon"></span><span id="ab-awaiting-mod" class="ab-label awaiting-mod pending-count count-0">0</span></a> </li>
<li id="wp-admin-bar-new-content" class="menupop"><a class="ab-item" tabindex="10" aria-haspopup="true" href="http://lamp/wordpress-3.3.2/wp-admin/post-new.php" title="Add New"><span class="ab-icon"></span><span class="ab-label">New</span></a><div class="ab-sub-wrapper"><ul id="wp-admin-bar-new-content-default" class="ab-submenu">
<li id="wp-admin-bar-new-post" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/post-new.php">Post</a> </li>
<li id="wp-admin-bar-new-media" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/media-new.php">Media</a> </li>
<li id="wp-admin-bar-new-link" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/link-add.php">Link</a> </li>
<li id="wp-admin-bar-new-page" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/post-new.php?post_type=page">Page</a> </li>
<li id="wp-admin-bar-new-user" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/user-new.php">User</a> </li></ul></div> </li></ul><ul id="wp-admin-bar-top-secondary" class="ab-top-secondary ab-top-menu">
<li id="wp-admin-bar-search" class=" admin-bar-search"><div class="ab-item ab-empty-item" tabindex="-1"><form action="http://lamp/wordpress-3.3.2/" method="get" id="adminbarsearch"><input class="adminbar-input" name="s" id="adminbar-search" tabindex="10" type="text" value="" maxlength="150" /><input type="submit" class="adminbar-button" value="Search"/></form></div> </li>
<li id="wp-admin-bar-my-account" class="menupop with-avatar"><a class="ab-item" tabindex="10" aria-haspopup="true" href="http://lamp/wordpress-3.3.2/wp-admin/profile.php" title="My Account">Howdy, admin<img alt='' src='http://0.gravatar.com/avatar/64e1b8d34f425d19e1ee2ea7236d3028?s=16&amp;d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D16&amp;r=G' class='avatar avatar-16 photo' height='16' width='16' /></a><div class="ab-sub-wrapper"><ul id="wp-admin-bar-user-actions" class=" ab-submenu">
<li id="wp-admin-bar-user-info" class=""><a class="ab-item" tabindex="-1" href="http://lamp/wordpress-3.3.2/wp-admin/profile.php"><img alt='' src='http://0.gravatar.com/avatar/64e1b8d34f425d19e1ee2ea7236d3028?s=64&amp;d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&amp;r=G' class='avatar avatar-64 photo' height='64' width='64' /><span class='display-name'>admin</span></a> </li>
<li id="wp-admin-bar-edit-profile" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-admin/profile.php">Edit My Profile</a> </li>
<li id="wp-admin-bar-logout" class=""><a class="ab-item" tabindex="10" href="http://lamp/wordpress-3.3.2/wp-login.php?action=logout&#038;_wpnonce=56da14efc4">Log Out</a> </li></ul></div> </li></ul> </div>
</div>
</body>
</html>

109
spec/fixtures/wpscan/wp_version/readme/invalid_version.html vendored Executable file
View File

@@ -0,0 +1,109 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>WordPress &#8250; ReadMe</title>
<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
</head>
<body>
<h1 id="logo">
<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" width="250" height="68" /></a>
<br /> Version 5506
</h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p>
<h1>First Things First</h1>
<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I'm proud to be a part of. Thousands of hours have gone into WordPress, and we're dedicated to making it better every day. Thank you for making it part of your world.</p>
<p style="text-align: right">&#8212; Matt Mullenweg</p>
<h1>Installation: Famous 5-minute install</h1>
<ol>
<li>Unzip the package in an empty directory and upload everything.</li>
<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser. It will take you through the process to set up a <code>wp-config.php</code> file with your database connection details.
<ol>
<li>If for some reason this doesn't work, don't worry. It doesn't work on all web hosts. Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details.</li>
<li>Save the file as <code>wp-config.php</code> and upload it.</li>
<li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser.</li>
</ol>
</li>
<li>Once the configuration file is set up, the installer will set up the tables needed for your blog. If there is an error, double check your <code>wp-config.php</code> file, and try again. If it fails again, please go to the <a href="http://wordpress.org/support/" title="WordPress support">support forums</a> with as much data as you can gather.</li>
<li><strong>If you did not enter a password, note the password given to you.</strong> If you did not provide a username, it will be <code>admin</code>.</li>
<li>The installer should then send you to the <a href="wp-login.php">login page</a>. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on 'Profile' to change the password.</li>
</ol>
<h1>Updating</h1>
<h2>Using the Automatic Updater</h2>
<p>If you are updating from version 2.7 or higher, you can use the automatic updater:</p>
<ol>
<li>Open the <span class="file"><a href="wp-admin/update-core.php">wp-admin/update-core.php</a></span> in your browser and follow the instructions.</li>
<li>You wanted more, perhaps? That's it!</li>
</ol>
<h2>Updating Manually</h2>
<ol>
<li>Before you update anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</li>
<li>Delete your old WordPress files, saving ones you've modified.</li>
<li>Upload the new files.</li>
<li>Point your browser to <span class="file"><a href="wp-admin/upgrade.php">/wp-admin/upgrade.php</a>.</span></li>
</ol>
<h2>Theme Template Changes</h2>
<p>If you have customized your theme templates, you may have to make some changes across major versions.</p>
<h1>Migrating from other systems</h1>
<p>WordPress can <a href="http://codex.wordpress.org/Importing_Content">import from a number of systems</a>. First you need to get WordPress installed and working as described above, before using <a href="wp-admin/import.php" title="Import to WordPress">our import tools</a>.</p>
<h1>System Requirements</h1>
<ul>
<li><a href="http://php.net/">PHP</a> version <strong>5.2.4</strong> or higher.</li>
<li><a href="http://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or higher.</li>
</ul>
<h2>System Recommendations</h2>
<ul>
<li>The <a href="http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> Apache module.</li>
<li>A link to <a href="http://wordpress.org/">http://wordpress.org</a> on your site.</li>
</ul>
<h1>Online Resources</h1>
<p>If you have any questions that aren't addressed in this document, please take advantage of WordPress' numerous online resources:</p>
<dl>
<dt><a href="http://codex.wordpress.org/">The WordPress Codex</a></dt>
<dd>The Codex is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.</dd>
<dt><a href="http://wordpress.org/news/">The WordPress Blog</a></dt>
<dd>This is where you'll find the latest updates and news related to WordPress. Recent WordPress news appears in your administrative dashboard by default.</dd>
<dt><a href="http://planet.wordpress.org/">WordPress Planet</a></dt>
<dd>The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.</dd>
<dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
<dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
<dt><a href="http://codex.wordpress.org/IRC">WordPress <abbr title="Internet Relay Chat">IRC</abbr> Channel</a></dt>
<dd>There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (<a href="irc://irc.freenode.net/wordpress">irc.freenode.net #wordpress</a>)</dd>
</dl>
<h1><abbr title="eXtensible Markup Language">XML</abbr>-<abbr title="Remote Procedure Call">RPC</abbr> and Atom Interface</h1>
<p>You can post to your WordPress blog with tools like <a href="http://download.live.com/writer">Windows Live Writer</a>, <a href="http://illuminex.com/ecto/">Ecto</a>, <a href="http://bloggar.com/">w.bloggar</a>, <a href="http://radio.userland.com/">Radio Userland</a> (which means you can use Radio's email-to-blog feature), <a href="http://www.newzcrawler.com/">NewzCrawler</a>, and other tools that support the blogging <abbr title="application programming interface">API</abbr>s! :) You can read more about <a href="http://codex.wordpress.org/XML-RPC_Support"><abbr>XML</abbr>-<abbr>RPC</abbr> support on the Codex</a>.</p>
<h1>Post via Email</h1>
<p>You can post from an email client! To set this up go to your &quot;Writing&quot; options screen and fill in the connection details for your secret <abbr title="Post Office Protocol version 3">POP3</abbr> account. Then you need to set up <code>wp-mail.php</code> to execute periodically to check the mailbox for new posts. You can do it with <a href="http://en.wikipedia.org/wiki/Cron">cron</a>-jobs, or if your host doesn't support it you can look into the various website-monitoring services, and make them check your <code>wp-mail.php</code> <abbr title="Uniform Resource Locator">URL</abbr>.</p>
<p>Posting is easy: Any email sent to the address you specify will be posted, with the subject as the title. It is best to keep the address discrete. The script will <em>delete</em> emails that are successfully posted.</p>
<h1>User Roles</h1>
<p>We introduced a very flexible roles system in version 2.0. You can <a href="http://codex.wordpress.org/Roles_and_Capabilities" title="WordPress roles and capabilities">read more about Roles and Capabilities on the Codex</a>.</p>
<h1>Final Notes</h1>
<ul>
<li>If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the <a href="http://wordpress.org/support/">Support Forums</a>.</li>
<li>WordPress has a robust plugin <abbr title="application programming interface">API</abbr> that makes extending the code easy. If you are a developer interested in utilizing this, see the <a href="http://codex.wordpress.org/Plugin_API" title="WordPress plugin API">plugin documentation in the Codex</a>. You shouldn't modify any of the core code.</li>
</ul>
<h1>Share the Love</h1>
<p>WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better&#8212;you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgable than yourself, or writing the author of a media article that overlooks us.</p>
<p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&#233;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/" title="Donate to WordPress">donating</a>.</p>
<h1>License</h1>
<p>WordPress is free software, and is released under the terms of the <abbr title="GNU General Public License">GPL</abbr> version 2 or (at your option) any later version. See <a href="license.txt">license.txt</a>.</p>
</body>
</html>

37
spec/fixtures/wpscan/wp_version/rss-generator/invalid_version.htm vendored Executable file
View File

@@ -0,0 +1,37 @@
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Wordpress 3.3.2</title>
<atom:link href="http://lamp/wordpress-3.3.2/?feed=rss2" rel="self" type="application/rss+xml" />
<link>http://lamp/wordpress-3.3.2</link>
<description>Just another WordPress site</description>
<lastBuildDate>Wed, 02 May 2012 13:05:44 +0000</lastBuildDate>
<language>en</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<generator>http://wordpress.org/?v=5506</generator>
<item>
<title>Hello world!</title>
<link>http://lamp/wordpress-3.3.2/?p=1</link>
<comments>http://lamp/wordpress-3.3.2/?p=1#comments</comments>
<pubDate>Wed, 02 May 2012 13:05:44 +0000</pubDate>
<dc:creator>admin</dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">http://lamp/wordpress-3.3.2/?p=1</guid>
<description><![CDATA[Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!]]></description>
<content:encoded><![CDATA[<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!</p>
]]></content:encoded>
<wfw:commentRss>http://lamp/wordpress-3.3.2/?feed=rss2&#038;p=1</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
</channel>
</rss>

17
spec/lib/wpscan/wp_version_spec.rb
View File

@@ -30,7 +30,6 @@ describe WpVersion do
after :each do after :each do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture) stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
end end
@@ -48,6 +47,11 @@ describe WpVersion do
@fixture = fixtures_dir + "/3.4-beta4.htm" @fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4" @expected = "3.4-beta4"
end end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@expected = nil
end
end end
describe "#find_from_rss_generator" do describe "#find_from_rss_generator" do
@@ -56,7 +60,6 @@ describe WpVersion do
after :each do after :each do
@status_code ||= 200 @status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture) stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
end end
@@ -85,6 +88,11 @@ describe WpVersion do
@fixture = fixtures_dir + "/3.4-beta4.htm" @fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4" @expected = "3.4-beta4"
end end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@expected = nil
end
end end
describe "#find_from_sitemap_generator" do describe "#find_from_sitemap_generator" do
@@ -136,6 +144,11 @@ describe WpVersion do
@fixture = fixtures_dir + "/readme-3.3.2.html" @fixture = fixtures_dir + "/readme-3.3.2.html"
@expected = "3.3.2" @expected = "3.3.2"
end end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.html"
@expected = nil
end
end end
describe "#find_from_advanced_fingerprinting" do describe "#find_from_advanced_fingerprinting" do