Support multiple references

2013-01-09 22:48:24 +01:00
parent 525491af89
commit a6ad818496
4 changed files with 20 additions and 9 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -37,6 +37,7 @@ ryandewhurst at gmail
    <vulnerability>
      <title>Google Document Embedder Arbitrary File Disclosure</title>
      <reference>http://www.exploit-db.com/exploits/23970/</reference>
+      <reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
      <type>UNKNOWN</type>
    </vulnerability>
  </plugin>
--- a/lib/wpscan/vulnerable.rb
+++ b/lib/wpscan/vulnerable.rb
@@ -31,7 +31,7 @@ class Vulnerable
    xml.xpath(@vulns_xpath).each do |node|
      vulnerabilities << WpVulnerability.new(
        node.search("title").text,
-        node.search("reference").text,
+        node.search("reference").map(&:text),
        node.search("type").text
      )
    end
--- a/lib/wpscan/wp_vulnerability.rb
+++ b/lib/wpscan/wp_vulnerability.rb
@@ -17,11 +17,11 @@
 #++

 class WpVulnerability
-  attr_accessor :title, :reference, :type
+  attr_accessor :title, :references, :type

-  def initialize(title, reference, type)
+  def initialize(title, references, type)
    @title      = title
-    @reference  = reference
+    @references = references
    @type       = type
  end
 end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -114,7 +114,9 @@ begin
      theme_vulnerabilities.each do |vulnerability|
        puts
        puts " | " + red("* Title: #{vulnerability.title}")
-        puts " | " + red("* Reference: #{vulnerability.reference}")
+        vulnerability.references.each do |r|
+          puts " | " + red("* Reference: #{r}")
+        end
      end
      puts
    end
@@ -175,7 +177,9 @@ begin
      version_vulnerabilities.each do |vulnerability|
        puts
        puts " | " + red("* Title: #{vulnerability.title}")
-        puts " | " + red("* Reference: #{vulnerability.reference}")
+        vulnerability.references.each do |r|
+          puts " | " + red("* Reference: #{r}")
+        end
      end
    end
  end
@@ -196,7 +200,9 @@ begin
        plugin.vulnerabilities.each do |vulnerability|
          puts " |"
          puts " | " + red("[!] #{vulnerability.title}")
-          puts " | " + red("* Reference: #{vulnerability.reference}")
+          vulnerability.references.each do |r|
+            puts " | " + red("* Reference: #{r}")
+          end
        end
      end
    else
@@ -242,7 +248,9 @@ begin

          puts " |"
          puts " | " + red("[!] #{vulnerability.title}")
-          puts " | " + red("* Reference: #{vulnerability.reference}")
+          vulnerability.references.each do |r|
+            puts " | " + red("* Reference: #{r}")
+          end

          # This has been commented out as MSF are moving from
          # XML-RPC to MessagePack.
@@ -297,7 +305,9 @@ begin
        theme.vulnerabilities.each do |vulnerability|
          puts " |"
          puts " | " + red("[!] #{vulnerability.title}")
-          puts " | " + red("* Reference: #{vulnerability.reference}")
+          vulnerability.references.each do |r|
+            puts " | " + red("* Reference: #{r}")
+          end

          # This has been commented out as MSF are moving from
          # XML-RPC to MessagePack.