Erwan
2012-09-08 23:59:46 +02:00
parent 91cfa5a060
commit a0a1c24006
3 changed files with 21 additions and 10 deletions


@@ -64,7 +64,7 @@ class WpTheme < Vulnerable
def self.find_from_css_link(target_uri) def self.find_from_css_link(target_uri)
response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2) response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2)
if matches = %r{https?://.*/themes/(.*)/style.css}i.match(response.body) if matches = %r{https?://[^"]+/themes/([^"]+)/style.css}i.match(response.body)
style_url = matches[0] style_url = matches[0]
theme_name = matches[1] theme_name = matches[1]
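Review bot: The new character classes in `%r{https?://[^"]+/themes/([^"]+)/style.css}i` stop only at a double quote, so a `<link>` written with single-quoted attributes is still matched greedily, and because `[^"]` also matches newlines (the old `.` did not) the capture can now run across several lines of markup. `response.body` is content served by the scanned site, so `theme_name` should be bounded as tightly as the supported names allow; excluding both quote styles and escaping the dot would help, for example `%r{https?://[^"']+/themes/([^"']+)/style\.css}i`. A fixture with a single-quoted `href` would pin this behaviour down. The body of `find_from_css_link` continues outside the hunk, so how `theme_name` is used afterwards is not visible here.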


@@ -0,0 +1 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="de-DE"><head profile="http://gmpg.org/xfn/11"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>WP</title><link rel="stylesheet" href="https://localhost/sub/blog/wp-content/themes/inline/style.css" /></head></html>


@@ -32,6 +32,16 @@ describe WpTheme do
describe "#find_from_css_link" do describe "#find_from_css_link" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/css_link" } let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/css_link" }
after :each do
if @expected_name
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
wp_theme = WpTheme.find_from_css_link(@target_uri)
wp_theme.should be_a WpTheme
wp_theme.name.should === @expected_name
end
end
it "should return nil if no theme is present" do it "should return nil if no theme is present" do
stub_request(:get, @target_uri.to_s).to_return(:status => 200, :body => "") stub_request(:get, @target_uri.to_s).to_return(:status => 200, :body => "")
@@ -39,21 +49,21 @@ describe WpTheme do
end end
it "should return a WpTheme object with .name = twentyeleven" do it "should return a WpTheme object with .name = twentyeleven" do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => fixtures_dir + "/wordpress-twentyeleven.htm") @fixture = fixtures_dir + "/wordpress-twentyeleven.htm"
@expected_name = "twentyeleven"
wp_theme = WpTheme.find_from_css_link(@target_uri)
wp_theme.should be_a WpTheme
wp_theme.name.should === "twentyeleven"
end end
# http://code.google.com/p/wpscan/issues/detail?id=131 # http://code.google.com/p/wpscan/issues/detail?id=131
# Theme name with spaces raises bad URI(is not URI?) # Theme name with spaces raises bad URI(is not URI?)
it "should not raise an error if the theme name has spaces or special chars" do it "should not raise an error if the theme name has spaces or special chars" do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => fixtures_dir + "/theme-name-with-spaces.html") @fixture = fixtures_dir + "/theme-name-with-spaces.html"
@expected_name = "Copia di simplefolio"
end
wp_theme = WpTheme.find_from_css_link(@target_uri) # https://github.com/wpscanteam/wpscan/issues/18
wp_theme.should be_a WpTheme it "should get the theme if the <link> is inline with some other tags" do
wp_theme.name.should === "Copia di simplefolio" @fixture = fixtures_dir + "/inline_link_tag.html"
@expected_name = "inline"
end end
end end
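Review bot: The shared assertions in the `after :each` hook run only when `@expected_name` is set, so an example that omits or misspells that variable passes without asserting anything, and a failure is raised from the hook rather than from the example body. A small helper called explicitly from each example keeps the de-duplication while making every example fail on its own line; a sketch follows. The enclosing `describe WpTheme` block starts outside the hunk, and the body of the "should return nil if no theme is present" example falls between the two hunks.

```ruby
describe "#find_from_css_link" do
  # Stubs the target with the fixture and checks the detected theme name.
  def check_theme_name(fixture, expected_name)
    stub_request_to_fixture(:url => @target_uri.to_s, :fixture => fixture)
    wp_theme = WpTheme.find_from_css_link(@target_uri)
    wp_theme.should be_a WpTheme
    wp_theme.name.should === expected_name
  end

  # … unchanged: fixtures_dir, "should return nil if no theme is present" …

  it "should return a WpTheme object with .name = twentyeleven" do
    check_theme_name(fixtures_dir + "/wordpress-twentyeleven.htm", "twentyeleven")
  end

  it "should not raise an error if the theme name has spaces or special chars" do
    check_theme_name(fixtures_dir + "/theme-name-with-spaces.html", "Copia di simplefolio")
  end

  it "should get the theme if the <link> is inline with some other tags" do
    check_theme_name(fixtures_dir + "/inline_link_tag.html", "inline")
  end
```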