Ref #455 - Fails with a message if the target returns a 403 during the wordpress check

2014-04-15 17:02:22 +02:00
parent 212b068a8d
commit 8038e2e01a
2 changed files with 13 additions and 0 deletions
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -39,6 +39,11 @@ class WpTarget < WebSite

    response = Browser.get_and_follow_location(@uri.to_s)

+    # Note: in the future major WPScan version, change the user-agent to see
+    # if the response is a 200 ?
+    fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
+          'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
+
    if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
      wordpress = true
    else
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -97,6 +97,14 @@ describe WpTarget do
        wp_target.should_not be_wordpress
      end
    end
+
+    context 'when the response is a 403' do
+      before { stub_request(:any, /.*/).to_return(status: 403) }
+
+      it 'raises an error' do
+        expect { wp_target.wordpress? }.to raise_error
+      end
+    end
  end

  describe '#wordpress_hosted?' do