Fix #3 Checking for the debug.log in wp-content

lib/wpscan/wp_target.rb

@@ -105,4 +105,12 @@ class WpTarget
     @wp_plugins_dir
   end
 
+  def has_debug_log?
+    Browser.instance.get(debug_log_url()).body[%r{error}i] ? true : false
+  end
+
+  def debug_log_url
+    @uri.merge("#{wp_content_dir()}/debug.log").to_s
+  end
+
 end

spec/fixtures/wpscan/wp_target/debug_log/debug.log

@@ -0,0 +1,12 @@
+[13-Jan-2009 01:53:25] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19
+[13-Jan-2009 01:55:58] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20
+[13-Jan-2009 02:13:34] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/error_log.php on line 19
+[15-Feb-2009 10:47:54] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/error_log.php on line 19
+[15-Feb-2009 11:36:15] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19
+[15-Feb-2009 16:45:37] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20
+[04-Mar-2009 18:54:31] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20
+[21-Mar-2009 20:32:21] PHP Fatal error:  Class 'Log' not found in /home/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19
+[29-Mar-2009 16:25:40] PHP Fatal error:  Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19
+[06-Apr-2009 01:17:56] PHP Fatal error:  Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20
+[03-May-2009 00:07:57] PHP Fatal error:  Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/null.php on line 19
+[10-May-2009 05:57:57] PHP Fatal error:  Class 'Log' not found in /home3/****/public_html/svatba/wp-content/plugins/fbconnect/Log/file.php on line 20

spec/lib/wpscan/wp_target_spec.rb

@@ -109,8 +109,8 @@ describe WpTarget do
 
     it "should also check in src attributes" do
       @target_url = "http://lamp/wordpress-3.4.1"
-      @fixture = fixtures_dir + "/wordpress-3.4.1-in-src.htm"
+      @fixture    = fixtures_dir + "/wordpress-3.4.1-in-src.htm"
-      @expected = "wp-content"
+      @expected   = "wp-content"
     end
 
   end
@@ -132,4 +132,31 @@ describe WpTarget do
       @expected   = "wp-content/plugins"
     end
   end
+
+  describe "#debug_log_url" do
+    it "should return 'http://example.localhost/wp-content/debug.log" do
+      @wp_target.stub(:wp_content_dir => "wp-content")
+      @wp_target.debug_log_url.should === "http://example.localhost/wp-content/debug.log"
+    end
+  end
+
+  describe "#has_debug_log?" do
+    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/debug_log" }
+
+    after :each do
+      @wp_target.stub(:wp_content_dir => "wp-content")
+      stub_request_to_fixture(:url => @wp_target.debug_log_url(), :fixture => @fixture)
+      @wp_target.has_debug_log?.should === @expected
+    end
+
+    it "should return false" do
+      @fixture  = SPEC_FIXTURES_DIR + "/empty-file"
+      @expected = false
+    end
+
+    it "should return true" do
+      @fixture  = fixtures_dir + "/debug.log"
+      @expected = true
+    end
+  end
 end

wpscan.rb

@@ -91,7 +91,6 @@ begin
   puts "| Started on #{Time.now.asctime}"
   puts
 
-  # Can we identify the theme name?
   if wp_theme = wp_target.theme
     theme_version = wp_theme.version
     puts "[!] The WordPress theme in use is #{wp_theme}"
@@ -108,22 +107,22 @@ begin
     end
   end
 
-  # Is the readme.html file there?
   if wp_target.has_readme?
     puts "[!] The WordPress '#{wp_target.readme_url}' file exists"
   end
 
-  # Full Path Disclosure (FPD)?
   if wp_target.has_full_path_disclosure?
     puts "[!] Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}'"
   end
 
-  # Is the wp-config.php file backed up?
+  if wp_target.has_debug_log?
+    puts "[!] Debug log file found : #{wp_target.debug_log_url}"
+  end
+
   wp_target.config_backup.each do |file_url|
     puts "[!] A wp-config.php backup file has been found '#{file_url}'"
   end
 
-  # Checking for malwares
   if wp_target.has_malwares?
     malwares = wp_target.malwares
     puts "[!] #{malwares.size} malware(s) found :"
@@ -135,11 +134,9 @@ begin
     puts
   end
 
-  # Checking the version...
   if wp_version = wp_target.version
     puts "[!] WordPress version #{wp_version.number} identified from #{wp_version.discovery_method}"
 
-    # Are there any vulnerabilities associated with this version?
     version_vulnerabilities = wp_version.vulnerabilities
 
     unless version_vulnerabilities.empty?
@@ -153,7 +150,6 @@ begin
     end
   end
 
-  # Plugins from passive detection
   puts
   print "[+] Enumerating plugins from passive detection ... "
 
@@ -225,7 +221,6 @@ begin
     end
   end
 
-  # try to find timthumb files
   if wpscan_options.enumerate_timthumbs
     puts
     puts "[+] Enumerating timthumb files ..."