locate searchreplacedb2.php. this file reads database credentials

lib/wpscan/wp_target.rb

@@ -123,6 +123,17 @@ class WpTarget
     @uri.merge("#{wp_content_dir()}/debug.log").to_s
   end
 
+  # Script for replacing strings in wordpress databases
+  # reveals databse credentials after hitting submit
+  def search_replace_db_2_url
+    @uri.merge("searchreplacedb2.php").to_s
+  end
+
+  def search_replace_db_2_exists?
+    resp = Browser.instance.get(search_replace_db_2_url)
+    resp.status == 200 && resp.body[%r{by interconnect}i]
+  end
+
   # Should check wp-login.php if registration is enabled or not
   def registration_enabled?
     # TODO

wpscan.rb

@@ -131,6 +131,10 @@ begin
     puts red("[!] A wp-config.php backup file has been found '#{file_url}'")
   end
 
+  if wp_target.search_replace_db_2_exists?
+    puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
+  end
+
   if wp_target.has_malwares?
     malwares = wp_target.malwares
     puts red("[!]") + " #{malwares.size} malware(s) found :"