garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed issue #1759

Browse Source
This commit is contained in:
Kazuki Onishi
2023-06-18 14:57:44 +09:00
parent ea020aa8a5
commit 99fca11958
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/finders/db_exports/known_locations.rb
View File

@@ -7,6 +7,10 @@ module WPScan
class KnownLocations < CMSScanner::Finders::Finder class KnownLocations < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator include CMSScanner::Finders::Finder::Enumerator
def valid_response_codes
@valid_response_codes ||= [200, 206].freeze
end
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
# @param [ Hash ] opts # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
def aggressive(opts = {}) def aggressive(opts = {})
found = [] found = []
enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res| enumerate(potential_urls(opts), opts.merge(check_full_response: [200, 206])) do |res|
if res.effective_url.end_with?('.zip') if res.effective_url.end_with?('.zip')
next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type']) next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
else else