Fixes non detection of plugin/theme readme and changelog files due to changes in CMSSCanner

2019-03-25 21:25:00 +00:00
parent bf91f60242
commit 7ea1acb7c1
4 changed files with 41 additions and 4 deletions
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -9,6 +9,10 @@ module WPScan
        super(slug, blog, opts)

        @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
+
+        # To be used by #head_and_get
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/plugins/#{slug}/"
      end

      # @return [ JSON ]
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -14,6 +14,10 @@ module WPScan
        @uri       = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
        @style_url = opts[:style_url] || url('style.css')

+        # To be used by #head_and_get
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/themes/#{slug}/"
+
        parse_style
      end

--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -12,9 +12,9 @@ module WPScan
      READMES    = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
      CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze

-      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :db_data
+      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data

-      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_and_get, to: :blog
+      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog

      # @param [ String ] slug The plugin/theme slug
      # @param [ Target ] blog The targeted blog
@@ -119,7 +119,9 @@ module WPScan
        return @readme_url unless @readme_url.nil?

        READMES.each do |path|
-          return @readme_url = url(path) if Browser.forge_request(url(path), blog.head_or_get_params).run.code == 200
+          t_url = url(path)
+
+          return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
        end

        @readme_url = false
@@ -132,7 +134,9 @@ module WPScan
        return @changelog_url unless @changelog_url.nil?

        CHANGELOGS.each do |path|
-          return @changelog_url = url(path) if Browser.forge_request(url(path), blog.head_or_get_params).run.code == 200
+          t_url = url(path)
+
+          return @changelog_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
        end

        @changelog_url = false
@@ -157,6 +161,26 @@ module WPScan

        super(path, params)
      end
+
+      # See CMSScanner::Target#head_and_get
+      #
+      # This is used by the error_log? above in the super()
+      # to have the correct path (ie readme.txt checked from the plugin/theme location
+      # and not from the blog root). Could also be used in finders
+      #
+      # @param [ String ] path
+      # @param [ Array<String> ] codes
+      # @param [ Hash ] params The requests params
+      # @option params [ Hash ] :head Request params for the HEAD
+      # @option params [ hash ] :get Request params for the GET
+      #
+      # @return [ Typhoeus::Response ]
+      def head_and_get(path, codes = [200], params = {})
+        final_path = +@path_from_blog
+        final_path << URI.encode(path) unless path.nil?
+
+        blog.head_and_get(final_path, codes, params)
+      end
    end
  end
 end
--- a/spec/app/models/wp_item_spec.rb
+++ b/spec/app/models/wp_item_spec.rb
@@ -112,6 +112,7 @@ describe WPScan::Model::WpItem do
    end
  end

+  # Guess all the below should be in the theme/plugin specs
  describe '#readme_url' do
    xit
  end
@@ -127,4 +128,8 @@ describe WPScan::Model::WpItem do
  describe '#error_log?' do
    xit
  end
+
+  describe '#head_and_get' do
+    xit
+  end
 end