From 964f542ce3c70477c55d88934453715f3fa1c454 Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 7 Nov 2012 14:06:15 +0100 Subject: [PATCH] Removed global request URI.encode. Added URI.encode on wp --- lib/browser.rb | 2 +- lib/wpscan/wp_item.rb | 8 ++++---- lib/wpstools/parse_svn.rb | 4 ++-- spec/lib/wpscan/modules/wp_config_backup_spec.rb | 6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/browser.rb b/lib/browser.rb index 68072c01..9daae9b7 100644 --- a/lib/browser.rb +++ b/lib/browser.rb @@ -141,7 +141,7 @@ class Browser def forge_request(url, params = {}) Typhoeus::Request.new( - URI.encode(url.to_s), + url.to_s, merge_request_params(params) ) end diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb index 47d33928..f0dc0689 100644 --- a/lib/wpscan/wp_item.rb +++ b/lib/wpscan/wp_item.rb @@ -62,12 +62,12 @@ class WpItem < Vulnerable path = @path.sub(/^\//, "") if type =="plugins" # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir - ret = URI.parse("#{url}#@wp_plugins_dir/#{path}") + ret = URI.parse(URI.encode("#{url}#@wp_plugins_dir/#{path}")) elsif type == "timthumbs" # timthumbs have folder in path variable - ret = URI.parse("#{url}#{wp_content_dir}/#{path}") + ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{path}")) else - ret = URI.parse("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}") + ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}")) end ret end @@ -79,7 +79,7 @@ class WpItem < Vulnerable unless valid_location_url valid_location_url = add_trailing_slash(location_url) end - URI.parse(valid_location_url) + URI.parse(URI.encode(valid_location_url)) end # Returns version number from readme.txt if it exists diff --git a/lib/wpstools/parse_svn.rb b/lib/wpstools/parse_svn.rb index 835909f2..49803868 100644 --- a/lib/wpstools/parse_svn.rb +++ b/lib/wpstools/parse_svn.rb @@ -59,7 +59,7 @@ class Svn_Parser # First get all trunk or version directories dirs.each do |dir| svnurl = @svn_root + dir + "/" - request = @svn_browser.forge_request(svnurl) + request = @svn_browser.forge_request(URI.encode(svnurl)) request.on_complete do |response| # trunk folder present if contains_trunk(response) @@ -97,7 +97,7 @@ class Svn_Parser queue_count = 0 dirs.each do |dir| url = @svn_root + dir[:name] + "/" + dir[:folder] + "/" - request = @svn_browser.forge_request(url) + request = @svn_browser.forge_request(URI.encode(url)) request.on_complete do |response| puts "[+] Parsing url #{url} [#{response.code.to_s}]" if @verbose file = response.body[%r{
  • .+
    • }i, 1] diff --git a/spec/lib/wpscan/modules/wp_config_backup_spec.rb b/spec/lib/wpscan/modules/wp_config_backup_spec.rb index 02a9669c..8862d9f0 100644 --- a/spec/lib/wpscan/modules/wp_config_backup_spec.rb +++ b/spec/lib/wpscan/modules/wp_config_backup_spec.rb @@ -31,7 +31,7 @@ shared_examples_for "WpConfigBackup" do # set all @config_backup_files to point to a 404 before :each do @config_backup_files.each do |backup_file| - file_url = @module.uri.merge(URI.escape(backup_file)).to_s + file_url = @module.uri.merge(URI.encode(backup_file)).to_s stub_request(:get, file_url). to_return(:status => 404, :body => "") @@ -46,7 +46,7 @@ shared_examples_for "WpConfigBackup" do expected = [] @config_backup_files.sample(1).each do |backup_file| - file_url = @module.uri.merge(URI.escape(backup_file)).to_s + file_url = @module.uri.merge(backup_file).to_s expected << file_url stub_request(:get, file_url). @@ -63,7 +63,7 @@ shared_examples_for "WpConfigBackup" do expected = [] @config_backup_files.sample(2).each do |backup_file| - file_url = @module.uri.merge(URI.escape(backup_file)).to_s + file_url = @module.uri.merge(backup_file).to_s expected << file_url stub_request(:get, file_url).