Adds more improvements re passive scanning when there are a lot of urls

2020-02-13 15:36:42 +00:00
parent 7d2b8a2a8b
commit 72d699b39a
18 changed files with 214 additions and 38 deletions
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -100,7 +100,7 @@ module WPScan

          unless content_dir
            pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
-            xpath   = '//@href[contains(., "wp.com")]|//@src[contains(., "wp.com")]'
+            xpath   = '(//@href|//@src)[contains(., "wp.com")]'

            uris_from_page(homepage_res, xpath) do |uri|
              return true if uri.to_s.match?(pattern)