garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1595 from wpscanteam/dev

Browse Source 
Dev
This commit is contained in:
Erwan
2021-01-12 15:01:27 +01:00
committed by GitHub
parent 689252c715 470fbb1ff3
commit 82941906ca
8 changed files with 135 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/core.rb
View File

@@ -8,13 +8,13 @@ module WPScan
def cli_options
[OptURL.new(['--url URL', 'The URL of the blog to scan'],
required_unless: %i[update help hh version], default_protocol: 'http')] +
super.drop(1) + # delete the --url from CMSScanner
super.drop(2) + # delete the --url and --force from CMSScanner
[
OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
choices: %w[apache iis nginx],
normalize: %i[downcase to_sym],
advanced: true),
OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
]
end

3
app/finders/interesting_findings.rb
View File

@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
require_relative 'interesting_findings/debug_log'
require_relative 'interesting_findings/backup_db'
require_relative 'interesting_findings/mu_plugins'
require_relative 'interesting_findings/php_disabled'
require_relative 'interesting_findings/registration'
require_relative 'interesting_findings/tmm_db_migrate'
require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
%w[
Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
UploadSQLDump EmergencyPwdResetScript WPCron
UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
].each do |f|
finders << InterestingFindings.const_get(f).new(target)
end

21
app/finders/interesting_findings/php_disabled.rb Normal file
View File

@@ -0,0 +1,21 @@
# frozen_string_literal: true
module WPScan
module Finders
module InterestingFindings
# See https://github.com/wpscanteam/wpscan/issues/1593
class PHPDisabled < CMSScanner::Finders::Finder
PATTERN = /\$wp_version =/.freeze
# @return [ InterestingFinding ]
def aggressive(_opts = {})
path = 'wp-includes/version.php'
return unless PATTERN.match?(target.head_and_get(path).body)
Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
end
end
end
end
end

14
app/models/interesting_finding.rb
View File

@@ -132,5 +132,19 @@ module WPScan
}
end
end
class PHPDisabled < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= 'PHP seems to be disabled'
end
# @return [ Hash ]
def references
@references ||= {
url: ['https://github.com/wpscanteam/wpscan/issues/1593']
}
end
end
end
end

50
spec/app/finders/interesting_findings/php_disabled_spec.rb Normal file
View File

@@ -0,0 +1,50 @@
# frozen_string_literal: true
describe WPScan::Finders::InterestingFindings::PHPDisabled do
subject(:finder) { described_class.new(target) }
let(:target) { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
let(:url) { 'http://ex.lo/' }
let(:fixtures) { FINDERS_FIXTURES.join('interesting_findings', 'php_disabled') }
let(:file_path) { 'wp-includes/version.php' }
let(:file_url) { target.url(file_path) }
describe '#aggressive' do
before do
expect(target).to receive(:sub_dir).at_least(1).and_return(false)
expect(target).to receive(:head_or_get_params).and_return(method: :head)
end
context 'when not a 200' do
it 'return nil' do
stub_request(:head, file_url).to_return(status: 404)
expect(finder.aggressive).to eql nil
end
end
context 'when a 200' do
before do
stub_request(:head, file_url)
stub_request(:get, file_url).to_return(body: body)
end
context 'when the body does not match' do
let(:body) { '' }
its(:aggressive) { should be_nil }
end
context 'when the body matches' do
let(:body) { File.read(fixtures.join('version.php')) }
it 'returns the PHPDisabled' do
expect(finder.aggressive).to eql WPScan::Model::PHPDisabled.new(
file_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS
)
end
end
end
end
end

2
spec/app/finders/interesting_findings_spec.rb
View File

@@ -10,7 +10,7 @@ describe WPScan::Finders::InterestingFindings::Base do
%w[
Readme DebugLog FullPathDisclosure
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
UploadSQLDump
UploadSQLDump PHPDisabled
]
end

44
spec/fixtures/finders/interesting_findings/php_disabled/version.php vendored Normal file
View File

@@ -0,0 +1,44 @@
<?php
/**
* WordPress Version
*
* Contains version information for the current WordPress release.
*
* @package WordPress
* @since 1.1.0
*/
/**
* The WordPress version string.
*
* @global string $wp_version
*/
$wp_version = '5.6';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
*
* @global int $wp_db_version
*/
$wp_db_version = 49752;
/**
* Holds the TinyMCE version.
*
* @global string $tinymce_version
*/
$tinymce_version = '49110-20201110';
/**
* Holds the required PHP version.
*
* @global string $required_php_version
*/
$required_php_version = '5.6.20';
/**
* Holds the required MySQL version.
*
* @global string $required_mysql_version
*/
$required_mysql_version = '5.0';

2
wpscan.gemspec
View File

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.executables = ['wpscan']
s.require_paths = ['lib']
s.add_dependency 'cms_scanner', '~> 0.12.2'
s.add_dependency 'cms_scanner', '~> 0.13.0'
s.add_development_dependency 'bundler', '>= 1.6'
s.add_development_dependency 'memory_profiler', '~> 1.0.0'