garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more xsd

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-21 22:27:50 +01:00
parent e5ef6436b9
commit b6de620529
5 changed files with 89 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
data/local_vulnerable_files.xml
View File

@@ -1,36 +1,30 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- <!--
WPScan - WordPress Security Scanner # WPScan - WordPress Security Scanner
Copyright (C) 2011 Ryan Dewhurst AKA ethicalhack3r # Copyright (C) 2012-2013
#
This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or # the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. # (at your option) any later version.
#
This program is distributed in the hope that it will be useful, # This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. # GNU General Public License for more details.
#
You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
<hash sha1="">
<title></title>
<file></file>
<reference></reference>
</hash>
PS : Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
--> -->
<hashes> <!--
Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-->
<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
<hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527"> <hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
<title>XSS in swfupload.swf</title> <title>XSS in swfupload.swf</title>
@@ -70,4 +64,3 @@ ryandewhurst at gmail
</hash> </hash>
</hashes> </hashes>

54
data/local_vulnerable_files.xsd Normal file
View File

@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string"/>
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI"/>
</xs:simpleType>
<xs:simpleType name="sha1type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{40}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="file" type="stringtype"/>
<xs:element name="reference" type="uritype"/>
</xs:sequence>
<xs:attribute type="sha1type" name="sha1" use="required"/>
</xs:complexType>
<xs:element name="hashes">
<xs:complexType>
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

6
data/vuln.xsd
View File

@@ -24,6 +24,10 @@
<xs:restriction base="xs:string"/> <xs:restriction base="xs:string"/>
</xs:simpleType> </xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI"/>
</xs:simpleType>
<xs:simpleType name="typetype"> <xs:simpleType name="typetype">
<xs:restriction base="xs:string"> <xs:restriction base="xs:string">
<xs:enumeration value="SQLI"/> <xs:enumeration value="SQLI"/>
@@ -58,7 +62,7 @@
<xs:complexType name="vulntype"> <xs:complexType name="vulntype">
<xs:sequence minOccurs="1" maxOccurs="1"> <xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/> <xs:element name="title" type="stringtype"/>
<xs:element name="reference" type="stringtype" maxOccurs="unbounded" minOccurs="1"/> <xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
<xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/> <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="type" type="typetype"/> <xs:element name="type" type="typetype"/>
</xs:sequence> </xs:sequence>

1
lib/common_helper.rb
View File

@@ -43,6 +43,7 @@ WP_VERSIONS_FILE = DATA_DIR + "/wp_versions.xml"
LOCAL_FILES_FILE = DATA_DIR + "/local_vulnerable_files.xml" LOCAL_FILES_FILE = DATA_DIR + "/local_vulnerable_files.xml"
VULNS_XSD = DATA_DIR + "/vuln.xsd" VULNS_XSD = DATA_DIR + "/vuln.xsd"
WP_VERSIONS_XSD = DATA_DIR + "/wp_versions.xsd" WP_VERSIONS_XSD = DATA_DIR + "/wp_versions.xsd"
LOCAL_FILES_XSD = DATA_DIR + "/local_vulnerable_files.xsd"
WPSCAN_VERSION = "2.0" WPSCAN_VERSION = "2.0"

19
spec/xml_checks_spec.rb
View File

@@ -23,20 +23,15 @@ describe "XML checks" do
after :each do after :each do
FileTest.exists?(@file).should be_true FileTest.exists?(@file).should be_true
if @xsd xsd = Nokogiri::XML::Schema(File.read(@xsd))
xsd = Nokogiri::XML::Schema(File.read(@xsd)) doc = Nokogiri::XML(File.read(@file))
doc = Nokogiri::XML(File.read(@file))
errors = [] errors = []
xsd.validate(doc).each do |error| xsd.validate(doc).each do |error|
errors << error.message errors << error.message
end
errors.should === []
else
expect { Nokogiri::XML(File.read(@file)) { |config| config.strict } }.to_not raise_error
end end
errors.should === []
end end
it "check plugin_vulns.xml for syntax errors" do it "check plugin_vulns.xml for syntax errors" do
@@ -61,6 +56,6 @@ describe "XML checks" do
it "check local_vulnerable_files.xml for syntax errors" do it "check local_vulnerable_files.xml for syntax errors" do
@file = LOCAL_FILES_FILE @file = LOCAL_FILES_FILE
@xsd = nil @xsd = LOCAL_FILES_XSD
end end
end end