garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed global request URI.encode. Added URI.encode on wp

Browse Source
This commit is contained in:
ethicalhack3r
2012-11-07 14:06:15 +01:00
parent 9e534fd95d
commit 964f542ce3
4 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/browser.rb
View File

@@ -141,7 +141,7 @@ class Browser
def forge_request(url, params = {})
Typhoeus::Request.new(
URI.encode(url.to_s),
url.to_s,
merge_request_params(params)
)
end

8
lib/wpscan/wp_item.rb
View File

@@ -62,12 +62,12 @@ class WpItem < Vulnerable
path = @path.sub(/^\//, "")
if type =="plugins"
# plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir
ret = URI.parse("#{url}#@wp_plugins_dir/#{path}")
ret = URI.parse(URI.encode("#{url}#@wp_plugins_dir/#{path}"))
elsif type == "timthumbs"
# timthumbs have folder in path variable
ret = URI.parse("#{url}#{wp_content_dir}/#{path}")
ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{path}"))
else
ret = URI.parse("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}")
ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}"))
end
ret
end
@@ -79,7 +79,7 @@ class WpItem < Vulnerable
unless valid_location_url
valid_location_url = add_trailing_slash(location_url)
end
URI.parse(valid_location_url)
URI.parse(URI.encode(valid_location_url))
end
# Returns version number from readme.txt if it exists

4
lib/wpstools/parse_svn.rb
View File

@@ -59,7 +59,7 @@ class Svn_Parser
# First get all trunk or version directories
dirs.each do |dir|
svnurl = @svn_root + dir + "/"
request = @svn_browser.forge_request(svnurl)
request = @svn_browser.forge_request(URI.encode(svnurl))
request.on_complete do |response|
# trunk folder present
if contains_trunk(response)
@@ -97,7 +97,7 @@ class Svn_Parser
queue_count = 0
dirs.each do |dir|
url = @svn_root + dir[:name] + "/" + dir[:folder] + "/"
request = @svn_browser.forge_request(url)
request = @svn_browser.forge_request(URI.encode(url))
request.on_complete do |response|
puts "[+] Parsing url #{url} [#{response.code.to_s}]" if @verbose
file = response.body[%r{<li><a href="(.+\.[^/]+)">.+</a></li>}i, 1]