Checks for wp-content directly (depends on detection-mode) when not identified passively

2019-04-12 13:55:40 +01:00
parent 86eb5d2d57
commit ae343b8cb0
5 changed files with 71 additions and 5 deletions
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -13,8 +13,9 @@ module WPScan
          @plugins_dir = dir.chomp('/')
        end

+        # @param [ Symbol ] detection_mode
        # @return [ String ] The wp-content directory
-        def content_dir
+        def content_dir(detection_mode = :mixed)
          unless @content_dir
            escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
            pattern     = %r{#{escaped_url}([\w\s\-\/]+)\/(?:themes|plugins|uploads|cache)\/}i
@@ -26,11 +27,21 @@ module WPScan
            xpath_pattern_from_page('//script[not(@src)]', pattern, homepage_res) do |match|
              return @content_dir = match[1]
            end
+
+            unless detection_mode == :passive
+              return @content_dir = 'wp-content' if default_content_dir_exists?
+            end
          end

          @content_dir
        end

+        def default_content_dir_exists?
+          # url('wp-content') can't be used here as the folder has not yet been identified
+          # and the method would try to replace it by nil which would raise an error
+          [200, 401, 403].include?(Browser.forge_request(uri.join('wp-content/').to_s, head_or_get_params).run.code)
+        end
+
        # @return [ Addressable::URI ]
        def content_uri
          uri.join("#{content_dir}/")
--- a/lib/wpscan/version.rb
+++ b/lib/wpscan/version.rb
@@ -2,5 +2,5 @@

 # Version
 module WPScan
-  VERSION = '3.5.2'
+  VERSION = '3.5.3'
 end