Merge branch 'master' into new-enumeration-system

README

@@ -105,6 +105,12 @@ ryandewhurst at gmail
 
       See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
 
+  - no such file to load -- rubygems
+      Run update-alternatives --config ruby
+      And select your ruby version
+
+      See https://github.com/wpscanteam/wpscan/issues/148
+
 
 ==WPSCAN ARGUMENTS==
 

README.md

@@ -116,6 +116,14 @@ Prerequisites:
 
       See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
 
+  - no such file to load -- rubygems
+
+      ```update-alternatives --config ruby```
+
+      And select your ruby version
+
+      See https://github.com/wpscanteam/wpscan/issues/148
+
 #### WPSCAN ARGUMENTS
 
     --update  Update to the latest revision

data/plugin_vulns.xml

@@ -4096,4 +4096,86 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="mathjax-latex">
+    <vulnerability>
+      <title>Mathjax Latex 1.1 CSRF Vulnerability</title>
+      <reference>http://1337day.com/exploit/20566</reference>
+      <type>CSRF</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-banners-lite">
+    <vulnerability>
+      <title>XSS vulnerability on WP-Banners-Lite</title>
+      <reference>http://seclists.org/fulldisclosure/2013/Mar/209</reference>
+      <reference>http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="backupbuddy">
+    <vulnerability>
+      <title>Backupbuddy - sensitive data exposure in importbuddy.php</title>
+      <reference>http://seclists.org/fulldisclosure/2013/Mar/206</reference>
+      <reference>http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html</reference>
+      <type>UNKNOWN</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-funeral-press">
+    <vulnerability>
+      <title>WP FuneralPress - Stored XSS in Guestbook</title>
+      <reference>http://seclists.org/fulldisclosure/2013/Mar/282</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="chikuncount">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="open-flash-chart-core-wordpress-plugin">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="spamtask">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="php-analytics">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="seo-spy-google-wordpress-plugin">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="wp-seo-spy-google">
+    <vulnerability>
+      <title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
+      <reference>http://www.exploit-db.com/exploits/24492/</reference>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>

data/theme_vulns.xml

@@ -1221,7 +1221,7 @@
       <type>XSS</type>
     </vulnerability>
   </theme>
-  
+
   <theme name="pinboard">
     <vulnerability>
       <title>Wordpress theme pinboard 1.0.6 XSS</title>
@@ -1264,4 +1264,21 @@
     </vulnerability>
   </theme>
 
+  <theme name="felici">
+    <vulnerability>
+      <title>felici XSS Vulnerability</title>
+      <reference>http://1337day.com/exploit/20560</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="classic">
+    <vulnerability>
+      <title>CVE-2007-4483: Classic v1.5 Theme PHP_SELF XSS</title>
+      <reference>http://osvdb.org/38450</reference>
+      <reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4483</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+
 </vulnerabilities>

lib/common/browser.rb

@@ -196,6 +196,10 @@ class Browser
       params = params.merge(cache_ttl: @cache_ttl)
     end
 
+    # Disable SSL-Certificate checks
+    params = params.merge(ssl_verifypeer: false)
+    params = params.merge(ssl_verifyhost: 0)
+
     params
   end
 

spec/lib/common/browser_spec.rb

@@ -278,7 +278,7 @@ describe Browser do
 
   describe '#merge_request_params' do
     let(:params) { {} }
-    let(:default_expectation) { { cache_ttl: 250, headers: { 'User-Agent' => 'SomeUA' } } }
+    let(:default_expectation) { { cache_ttl: 250, headers: { 'User-Agent' => 'SomeUA' }, ssl_verifypeer: false, ssl_verifyhost: 0 } }
 
     after :each do
       @browser.stub(user_agent: 'SomeUA')

wpscan.rb

@@ -24,4 +24,4 @@ $: << '.'
 require File.dirname(__FILE__) + '/lib/wpscan/wpscan_helper'
 require File.dirname(__FILE__) + '/main'
 
-main()
+main()