diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index dc9380aa..cf1935fc 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -4113,4 +4113,12 @@ + + + Backupbuddy - sensitive data exposure in importbuddy.php + http://seclists.org/fulldisclosure/2013/Mar/206 + UNKNOWN + + + diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index 3c6b5593..94b2c648 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -155,16 +155,6 @@ class WpTarget < WebSite resp.code == 200 && resp.body[%r{by interconnect}i] end - # FIXME: a plugin which does not follow the wordpress plugin system - def backupbuddy_url - @uri.merge('importbuddy.php').to_s - end - - def has_backupbuddy? - response = Browser.instance.get(backupbuddy_url) - response.code == 200 && response.body[%r{BackupBuddy}i] - end - # Should check wp-login.php if registration is enabled or not def registration_enabled? resp = Browser.instance.get(registration_url) diff --git a/main.rb b/main.rb index 1751fc45..71d95256 100644 --- a/main.rb +++ b/main.rb @@ -170,14 +170,6 @@ def main puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'") end - if wp_target.has_backupbuddy? - puts red("[!] BackupBuddy has been found") - puts ' |' - puts " | Location: #{wp_target.backupbuddy_url}" - puts ' | ' + red('* Reference: http://seclists.org/fulldisclosure/2013/Mar/206') - puts - end - if wp_target.is_multisite? puts green('[+]') + ' This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)' end diff --git a/wpscan.rb b/wpscan.rb index 9b13bd07..d21e5726 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -24,4 +24,4 @@ $: << '.' require File.dirname(__FILE__) + '/lib/wpscan/wpscan_helper' require File.dirname(__FILE__) + '/main' -main() \ No newline at end of file +main()