garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

locate searchreplacedb2.php. this file reads database credentials

Browse Source
This commit is contained in:
Christian Mehlmauer
2012-09-24 14:39:05 +02:00
parent db1303caa5
commit b4655e7d5a
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/wpscan/wp_target.rb
View File

@@ -123,6 +123,17 @@ class WpTarget
@uri.merge("#{wp_content_dir()}/debug.log").to_s @uri.merge("#{wp_content_dir()}/debug.log").to_s
end end
# Script for replacing strings in wordpress databases
# reveals databse credentials after hitting submit
def search_replace_db_2_url
@uri.merge("searchreplacedb2.php").to_s
end
def search_replace_db_2_exists?
resp = Browser.instance.get(search_replace_db_2_url)
resp.status == 200 && resp.body[%r{by interconnect}i]
end
# Should check wp-login.php if registration is enabled or not # Should check wp-login.php if registration is enabled or not
def registration_enabled? def registration_enabled?
# TODO # TODO

4
wpscan.rb
View File

@@ -131,6 +131,10 @@ begin
puts red("[!] A wp-config.php backup file has been found '#{file_url}'") puts red("[!] A wp-config.php backup file has been found '#{file_url}'")
end end
if wp_target.search_replace_db_2_exists?
puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
end
if wp_target.has_malwares? if wp_target.has_malwares?
malwares = wp_target.malwares malwares = wp_target.malwares
puts red("[!]") + " #{malwares.size} malware(s) found :" puts red("[!]") + " #{malwares.size} malware(s) found :"