garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #77 facebook.com detected as a custom wp-content directory

Browse Source
This commit is contained in:
erwanlr
2012-12-06 21:01:14 -06:00
parent dc6c8b2eb8
commit a7df9feabf
3 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/wpscan/wp_target.rb
View File

@@ -97,7 +97,8 @@ class WpTarget
if index_body[/\/wp-content\/(?:themes|plugins)\//i]
@wp_content_dir = "wp-content"
else
@wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
domains_excluded = "(?:www\.)?(facebook|twitter)\.com"
@wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
end
end
@wp_content_dir

11
spec/fixtures/wpscan/wp_target/wp_content_dir/facebook-detection.htm vendored Executable file
View File

@@ -0,0 +1,11 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<link rel="stylesheet" href="/template/css/prey.base.css" type="text/css" media="screen" />
<script type="text/javascript" src="/template/js/prey.public.js"></script>
</head>
<body id="home">
<iframe src="//www.facebook.com/plugins/like.php?href=lamp.localhost&amp;send=false&amp;layout=box_count&amp;width=100&amp;show_faces=false&amp;action=recommend&amp;colorscheme=light&amp;font&amp;height=90" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:100px; height:62px;" allowTransparency="true"></iframe>
</body>
</html>

6
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -107,6 +107,7 @@ describe WpTarget do
@expected = "hello-world"
end
it "should return 'wp-content'" do
@target_url = "http://lamp/wordpress-3.4.1"
@fixture = fixtures_dir + "/wordpress-3.4.1.htm"
@@ -155,6 +156,11 @@ describe WpTarget do
@expected = "wp-content"
end
it "should not detect facebook.com as a custom wp-content directory" do
@target_url = "http://lamp.localhost/"
@fixture = fixtures_dir + "/facebook-detection.htm"
@expected = nil
end
end
describe "#wp_plugins_dir" do