bugfixing
This commit is contained in:
Christian Mehlmauer
@@ -79,7 +79,7 @@ class WpEnumerator
|
||||
plugins_file = options[:file] || "#{DATA_DIR}/plugins.txt"
|
||||
plugin_vulns_file = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
|
||||
wp_content_dir = options[:wp_content_dir]
|
||||
url = options[:base_url]
|
||||
url = options[:url]
|
||||
type = options[:type]
|
||||
targets_url = []
|
||||
|
||||
@@ -87,7 +87,7 @@ class WpEnumerator
|
||||
# Open and parse the 'most popular' plugin list...
|
||||
File.open(plugins_file, 'r') do |file|
|
||||
file.readlines.collect do |line|
|
||||
targets_url << WpPlugin.new(:base_url => url, :path => line.strip, :wp_content_dir => wp_content_dir)
|
||||
targets_url << WpPlugin.new(:url => url, :path => line.strip, :wp_content_dir => wp_content_dir)
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -102,7 +102,7 @@ class WpEnumerator
|
||||
|
||||
if targets_url.grep(%r{/#{plugin_name}/}).empty?
|
||||
targets_url << WpPlugin.new(
|
||||
:base_url => url,
|
||||
:url => url,
|
||||
:path => "#{type}/#{plugin_name}",
|
||||
:wp_content_dir => wp_content_dir,
|
||||
:name => plugin_name
|
||||
|
||||
@@ -33,7 +33,7 @@ class WpOptions
|
||||
def self.get_empty_options
|
||||
options = {
|
||||
:url => "",
|
||||
:only_vulnerable_ones => true,
|
||||
:only_vulnerable_ones => false,
|
||||
:file => "",
|
||||
:vulns_file => "",
|
||||
:vulns_xpath => "",
|
||||
@@ -46,15 +46,15 @@ class WpOptions
|
||||
end
|
||||
|
||||
def self.check_options(options)
|
||||
raise("url must be set") unless options[:url]
|
||||
raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones]
|
||||
raise("file must be set") unless options[:file]
|
||||
raise("vulns_file must be set") unless options[:vulns_file]
|
||||
raise("vulns_xpath must be set") unless options[:vulns_xpath]
|
||||
raise("wp_content_dir must be set") unless options[:wp_content_dir]
|
||||
raise("show_progress_bar must be set") unless options[:show_progress_bar]
|
||||
raise("error_404_hash must be set") unless options[:error_404_hash]
|
||||
raise("type must be set") unless options[:type]
|
||||
raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0
|
||||
raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
|
||||
raise("file must be set") unless options[:file] != nil and options[:file].length > 0
|
||||
raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0
|
||||
raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
|
||||
raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
|
||||
raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil
|
||||
raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0
|
||||
raise("type must be set") unless options[:type] != nil and options[:type].length > 0
|
||||
|
||||
unless options[:type] =~ /plugins/i or options[:type] =~ /themes/i
|
||||
raise("Unknown type #{options[:type]}")
|
||||
|
||||
@@ -22,7 +22,7 @@ class WpPlugin < Vulnerable
|
||||
include WpItem
|
||||
|
||||
def initialize(options = {})
|
||||
@base_url = options[:base_url]
|
||||
@base_url = options[:url]
|
||||
@path = options[:path]
|
||||
@wp_content_dir = options[:wp_content_dir]
|
||||
@name = options[:name] || extract_name_from_url(get_url)
|
||||
|
||||
@@ -45,7 +45,12 @@ class WpscanOptions
|
||||
attr_accessor *ACCESSOR_OPTIONS
|
||||
|
||||
def initialize
|
||||
|
||||
@enumerate_plugins = false
|
||||
@enumerate_themes = false
|
||||
@enumerate_only_vulnerable_plugins = false
|
||||
@enumerate_only_vulnerable_themes = false
|
||||
@enumerate_timthumbs = false
|
||||
@enumerate_usernames = false
|
||||
end
|
||||
|
||||
def url=(url)
|
||||
|
||||
10
wpscan.rb
10
wpscan.rb
@@ -91,7 +91,7 @@ begin
|
||||
wp_theme = wp_target.theme
|
||||
if wp_theme
|
||||
theme_version = wp_theme.version
|
||||
puts "[!] The WordPress theme in use is #{wp_theme}"
|
||||
puts "[!] The WordPress theme in use is #{wp_theme}#{' v' + theme_version if theme_version}"
|
||||
|
||||
theme_vulnerabilities = wp_theme.vulnerabilities
|
||||
unless theme_vulnerabilities.empty?
|
||||
@@ -180,10 +180,11 @@ begin
|
||||
puts
|
||||
|
||||
options = WpOptions.get_empty_options
|
||||
options[:base_url] = wp_target.uri
|
||||
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins,
|
||||
options[:show_progress_bar] = true,
|
||||
options[:url] = wp_target.uri
|
||||
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins
|
||||
options[:show_progress_bar] = true
|
||||
options[:wp_content_dir] = wp_target.wp_content_dir
|
||||
options[:error_404_hash] = wp_target.error_404_hash
|
||||
|
||||
plugins = wp_target.plugins_from_aggressive_detection(options)
|
||||
unless plugins.empty?
|
||||
@@ -278,6 +279,7 @@ begin
|
||||
end
|
||||
|
||||
# Start the brute forcer
|
||||
bruteforce = false
|
||||
if wpscan_options.wordlist
|
||||
if wp_target.has_login_protection?
|
||||
|
||||
|
||||
Reference in New Issue
Block a user