From 93972d480396b81ce8805341cdcc37acf2944c59 Mon Sep 17 00:00:00 2001 From: Erwan Date: Sun, 29 Jul 2012 14:32:32 +0200 Subject: [PATCH] Fix #3 Checking for the debug.log in wp-content --- lib/wpscan/wp_target.rb | 8 +++++ .../wpscan/wp_target/debug_log/debug.log | 12 +++++++ spec/lib/wpscan/wp_target_spec.rb | 31 +++++++++++++++++-- wpscan.rb | 13 +++----- 4 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 spec/fixtures/wpscan/wp_target/debug_log/debug.log diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index 408dfcd9..5394cf98 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -105,4 +105,12 @@ class WpTarget @wp_plugins_dir end + def has_debug_log? + Browser.instance.get(debug_log_url()).body[%r{error}i] ? true : false + end + + def debug_log_url + @uri.merge("#{wp_content_dir()}/debug.log").to_s + end + end diff --git a/spec/fixtures/wpscan/wp_target/debug_log/debug.log b/spec/fixtures/wpscan/wp_target/debug_log/debug.log new file mode 100644 index 00000000..17d1a2d6 --- /dev/null +++ b/spec/fixtures/wpscan/wp_target/debug_log/debug.log @@ -0,0 +1,12 @@ +[13-Jan-2009 01:53:25] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19 +[13-Jan-2009 01:55:58] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20 +[13-Jan-2009 02:13:34] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/error_log.php on line 19 +[15-Feb-2009 10:47:54] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/error_log.php on line 19 +[15-Feb-2009 11:36:15] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19 +[15-Feb-2009 16:45:37] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20 +[04-Mar-2009 18:54:31] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20 +[21-Mar-2009 20:32:21] PHP Fatal error: Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19 +[29-Mar-2009 16:25:40] PHP Fatal error: Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19 +[06-Apr-2009 01:17:56] PHP Fatal error: Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20 +[03-May-2009 00:07:57] PHP Fatal error: Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19 +[10-May-2009 05:57:57] PHP Fatal error: Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20 diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index e8aa1915..41870d13 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb @@ -109,8 +109,8 @@ describe WpTarget do it "should also check in src attributes" do @target_url = "http://lamp/wordpress-3.4.1" - @fixture = fixtures_dir + "/wordpress-3.4.1-in-src.htm" - @expected = "wp-content" + @fixture = fixtures_dir + "/wordpress-3.4.1-in-src.htm" + @expected = "wp-content" end end @@ -132,4 +132,31 @@ describe WpTarget do @expected = "wp-content/plugins" end end + + describe "#debug_log_url" do + it "should return 'http://example.localhost/wp-content/debug.log" do + @wp_target.stub(:wp_content_dir => "wp-content") + @wp_target.debug_log_url.should === "http://example.localhost/wp-content/debug.log" + end + end + + describe "#has_debug_log?" do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/debug_log" } + + after :each do + @wp_target.stub(:wp_content_dir => "wp-content") + stub_request_to_fixture(:url => @wp_target.debug_log_url(), :fixture => @fixture) + @wp_target.has_debug_log?.should === @expected + end + + it "should return false" do + @fixture = SPEC_FIXTURES_DIR + "/empty-file" + @expected = false + end + + it "should return true" do + @fixture = fixtures_dir + "/debug.log" + @expected = true + end + end end diff --git a/wpscan.rb b/wpscan.rb index 1f8d8a02..d7e76b2b 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -91,7 +91,6 @@ begin puts "| Started on #{Time.now.asctime}" puts - # Can we identify the theme name? if wp_theme = wp_target.theme theme_version = wp_theme.version puts "[!] The WordPress theme in use is #{wp_theme}" @@ -108,22 +107,22 @@ begin end end - # Is the readme.html file there? if wp_target.has_readme? puts "[!] The WordPress '#{wp_target.readme_url}' file exists" end - # Full Path Disclosure (FPD)? if wp_target.has_full_path_disclosure? puts "[!] Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}'" end - # Is the wp-config.php file backed up? + if wp_target.has_debug_log? + puts "[!] Debug log file found : #{wp_target.debug_log_url}" + end + wp_target.config_backup.each do |file_url| puts "[!] A wp-config.php backup file has been found '#{file_url}'" end - # Checking for malwares if wp_target.has_malwares? malwares = wp_target.malwares puts "[!] #{malwares.size} malware(s) found :" @@ -135,11 +134,9 @@ begin puts end - # Checking the version... if wp_version = wp_target.version puts "[!] WordPress version #{wp_version.number} identified from #{wp_version.discovery_method}" - # Are there any vulnerabilities associated with this version? version_vulnerabilities = wp_version.vulnerabilities unless version_vulnerabilities.empty? @@ -153,7 +150,6 @@ begin end end - # Plugins from passive detection puts print "[+] Enumerating plugins from passive detection ... " @@ -225,7 +221,6 @@ begin end end - # try to find timthumb files if wpscan_options.enumerate_timthumbs puts puts "[+] Enumerating timthumb files ..."