From a6ad818496582750cd8ec63a3bab6d197bb5687a Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Wed, 9 Jan 2013 22:48:24 +0100 Subject: [PATCH] Support multiple references --- data/plugin_vulns.xml | 1 + lib/wpscan/vulnerable.rb | 2 +- lib/wpscan/wp_vulnerability.rb | 6 +++--- wpscan.rb | 20 +++++++++++++++----- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml index 815f9db6..6ac429f8 100644 --- a/data/plugin_vulns.xml +++ b/data/plugin_vulns.xml @@ -37,6 +37,7 @@ ryandewhurst at gmail Google Document Embedder Arbitrary File Disclosure http://www.exploit-db.com/exploits/23970/ + http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/ UNKNOWN diff --git a/lib/wpscan/vulnerable.rb b/lib/wpscan/vulnerable.rb index 67f6e9ab..8be68ecf 100644 --- a/lib/wpscan/vulnerable.rb +++ b/lib/wpscan/vulnerable.rb @@ -31,7 +31,7 @@ class Vulnerable xml.xpath(@vulns_xpath).each do |node| vulnerabilities << WpVulnerability.new( node.search("title").text, - node.search("reference").text, + node.search("reference").map(&:text), node.search("type").text ) end diff --git a/lib/wpscan/wp_vulnerability.rb b/lib/wpscan/wp_vulnerability.rb index 4c40d212..eedb23ef 100644 --- a/lib/wpscan/wp_vulnerability.rb +++ b/lib/wpscan/wp_vulnerability.rb @@ -17,11 +17,11 @@ #++ class WpVulnerability - attr_accessor :title, :reference, :type + attr_accessor :title, :references, :type - def initialize(title, reference, type) + def initialize(title, references, type) @title = title - @reference = reference + @references = references @type = type end end diff --git a/wpscan.rb b/wpscan.rb index ca1c58ee..1c7389d7 100755 --- a/wpscan.rb +++ b/wpscan.rb 
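Review bot: In the `WpVulnerability.new(` call in lib/wpscan/vulnerable.rb, `node.search("reference").map(&:text)` passes every `<reference>` body through untouched, so an empty or whitespace-padded element in the XML becomes its own blank or ragged `* Reference:` line in wpscan.rb. Trimming and dropping blanks at the parse point avoids that: `node.search("reference").map { |r| r.text.strip }.reject(&:empty?),`. The enclosing method starts and ends outside the hunk.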
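Review bot: In lib/wpscan/wp_vulnerability.rb, `initialize` stores whatever it is given in `@references`, while every printing site in wpscan.rb now calls `.each` on it. A caller that still passes a single String or nil would fail with NoMethodError at print time (String has no `each` since Ruby 1.9) instead of at construction. Coercing in the constructor, `@references = Array(references)`, keeps single-reference callers working and turns nil into an empty list. The public accessor is also renamed from `reference` to `references`; users of WpVulnerability outside the four files in this patch are not visible here, so any remaining `.reference` call would need the same update.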
@@ -114,7 +114,9 @@ begin theme_vulnerabilities.each do |vulnerability| puts puts " | " + red("* Title: #{vulnerability.title}") - puts " | " + red("* Reference: #{vulnerability.reference}") + vulnerability.references.each do |r| + puts " | " + red("* Reference: #{r}") + end end puts end @@ -175,7 +177,9 @@ begin version_vulnerabilities.each do |vulnerability| puts puts " | " + red("* Title: #{vulnerability.title}") - puts " | " + red("* Reference: #{vulnerability.reference}") + vulnerability.references.each do |r| + puts " | " + red("* Reference: #{r}") + end end end end @@ -196,7 +200,9 @@ begin plugin.vulnerabilities.each do |vulnerability| puts " |" puts " | " + red("[!] #{vulnerability.title}") - puts " | " + red("* Reference: #{vulnerability.reference}") + vulnerability.references.each do |r| + puts " | " + red("* Reference: #{r}") + end end end else @@ -242,7 +248,9 @@ begin puts " |" puts " | " + red("[!] #{vulnerability.title}") - puts " | " + red("* Reference: #{vulnerability.reference}") + vulnerability.references.each do |r| + puts " | " + red("* Reference: #{r}") + end # This has been commented out as MSF are moving from # XML-RPC to MessagePack. @@ -297,7 +305,9 @@ begin theme.vulnerabilities.each do |vulnerability| puts " |" puts " | " + red("[!] #{vulnerability.title}") - puts " | " + red("* Reference: #{vulnerability.reference}") + vulnerability.references.each do |r| + puts " | " + red("* Reference: #{r}") + end # This has been commented out as MSF are moving from # XML-RPC to MessagePack.
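Review bot: The same three-line `vulnerability.references.each do |r| … end` loop is pasted into all five hunks of wpscan.rb (theme_vulnerabilities, version_vulnerabilities, plugin.vulnerabilities, the hunk at new line 248, and theme.vulnerabilities), so any later change to how a reference is printed has to be made five times. A small top-level helper that takes the vulnerability and the gutter string each site already uses would remove the duplication. It would also be the single place to strip control characters from reference text before it reaches the terminal, should the XML ever be fetched from an update channel rather than shipped in the repository; where the file comes from is not visible in this patch. Each enclosing `begin` block starts and ends outside its hunk.

```ruby
# Prints one "* Reference:" line per reference, each behind the caller's gutter prefix.
def print_references(vulnerability, prefix)
  vulnerability.references.each do |reference|
    puts prefix + red("* Reference: #{reference}")
  end
end

# … unchanged: title line of each vulnerability …
print_references(vulnerability, " | ")
```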