garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ref #455 - Fails with a message if the target returns a 403 during the wordpress check

Browse Source
This commit is contained in:
erwanlr
2014-04-15 17:02:22 +02:00
parent 212b068a8d
commit 8038e2e01a
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/wpscan/wp_target.rb
View File

@@ -39,6 +39,11 @@ class WpTarget < WebSite
response = Browser.get_and_follow_location(@uri.to_s) response = Browser.get_and_follow_location(@uri.to_s)
# Note: in the future major WPScan version, change the user-agent to see
# if the response is a 200 ?
fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
wordpress = true wordpress = true
else else

8
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -97,6 +97,14 @@ describe WpTarget do
wp_target.should_not be_wordpress wp_target.should_not be_wordpress
end end
end end
context 'when the response is a 403' do
before { stub_request(:any, /.*/).to_return(status: 403) }
it 'raises an error' do
expect { wp_target.wordpress? }.to raise_error
end
end
end end
describe '#wordpress_hosted?' do describe '#wordpress_hosted?' do