diff --git a/lib/wpscan/target/platform/wordpress/custom_directories.rb b/lib/wpscan/target/platform/wordpress/custom_directories.rb index a756b958..a69aac47 100644 --- a/lib/wpscan/target/platform/wordpress/custom_directories.rb +++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb @@ -15,11 +15,15 @@ module WPScan def content_dir unless @content_dir escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?') - pattern = %r{#{escaped_url}(.+?)\/(?:themes|plugins|uploads|cache)\/}i + pattern = %r{#{escaped_url}([^\/]+)\/(?:themes|plugins|uploads|cache)\/}i in_scope_urls(homepage_res) do |url| return @content_dir = Regexp.last_match[1] if url.match(pattern) end + + xpath_pattern_from_page('//script[not(@src)]', pattern, homepage_res) do |match| + return @content_dir = match[1] + end end @content_dir diff --git a/spec/fixtures/target/platform/wordpress/custom_directories/in_raw_js.html b/spec/fixtures/target/platform/wordpress/custom_directories/in_raw_js.html new file mode 100644 index 00000000..b51dbcec --- /dev/null +++ b/spec/fixtures/target/platform/wordpress/custom_directories/in_raw_js.html @@ -0,0 +1,2 @@ + diff --git a/spec/shared_examples/target/platform/wordpress/custom_directories.rb b/spec/shared_examples/target/platform/wordpress/custom_directories.rb index 90418ed4..9d4cfe67 100644 --- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb +++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb 
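Review bot: The capture group `([^\/]+)` is now also matched against raw inline-script text via `xpath_pattern_from_page`, where nothing bounds it to a single URL: it can span quotes, angle brackets and newlines up to the next `/themes/`-style segment, and whatever it captures is stored in `@content_dir`. That value comes from the scanned page and is presumably used later to build request paths (not visible in this hunk), so the class should be tightened, e.g. `pattern = %r{#{escaped_url}([^\/"'<>\r\n]+)\/(?:themes|plugins|uploads|cache)\/}i`, which still allows the spaces the `custom_w_spaces` case relies on. Inline scripts also commonly hold JSON-escaped URLs (`http:\/\/…\/wp-content\/themes\/`), which the literal `\/` separators in this pattern will not match, so the new fallback may miss the very case it targets. The closing `end` of `content_dir` lies outside the hunk.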
@@ -4,7 +4,8 @@ shared_examples 'WordPress::CustomDirectories' do describe '#content_dir' do { default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces', - relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content' + relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content', + in_raw_js: 'wp-content', with_sub_dir: 'app' }.each do |file, expected| it "returns #{expected} for #{file}.html" do stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html")))
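Review bot: The new `with_sub_dir: 'app'` expectation has no matching fixture in this diff, which adds only `in_raw_js.html`. Unless `with_sub_dir.html` already exists in the fixtures directory, `File.read(fixtures.join("#{file}.html"))` will raise for that case, so confirm the fixture is committed alongside this change. A further case whose inline script carries the URL with JSON-escaped slashes would show whether the new script fallback handles that form. The `each` block continues past the end of the hunk.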