garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

output path

Browse Source
This commit is contained in:
Christian Mehlmauer
2015-05-21 23:16:33 +02:00
parent 8db06d37d2
commit 7a54ac62d6
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/wpscan/wp_target/wp_full_path_disclosure.rb
View File

@@ -11,6 +11,11 @@ class WpTarget < WebSite
response.body[%r{Fatal error}i] ? true : false response.body[%r{Fatal error}i] ? true : false
end end
def full_path_disclosure_data
return nil unless has_full_path_disclosure?
Browser.get(full_path_disclosure_url()).body[%r{<b>([^<]+\.php)</b>}, 1]
end
# @return [ String ] # @return [ String ]
def full_path_disclosure_url def full_path_disclosure_url
@uri.merge('wp-includes/rss-functions.php').to_s @uri.merge('wp-includes/rss-functions.php').to_s

2
wpscan.rb
View File

@@ -167,7 +167,7 @@ def main
end end
if wp_target.has_full_path_disclosure? if wp_target.has_full_path_disclosure?
puts warning("Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'") puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
end end
if wp_target.has_debug_log? if wp_target.has_debug_log?