garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #140 xml_rpc_url in the body

Browse Source
This commit is contained in:
erwanlr
2013-03-05 13:49:47 +01:00
parent 5f584f92a7
commit b8ccfa23d9
4 changed files with 107 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/wpscan/web_site.rb
View File

@@ -46,19 +46,31 @@ class WebSite
!xml_rpc_url.nil? !xml_rpc_url.nil?
end end
# See http://www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3
def xml_rpc_url def xml_rpc_url
unless @xmlrpc_url unless @xmlrpc_url
@xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
end
@xmlrpc_url
end
def xml_rpc_url_from_headers
headers = Browser.instance.get(@uri.to_s).headers_hash headers = Browser.instance.get(@uri.to_s).headers_hash
@xmlrpc_url = nil xmlrpc_url = nil
unless headers.nil? unless headers.nil?
pingback_url = headers['X-Pingback'] pingback_url = headers['X-Pingback']
unless pingback_url.nil? || pingback_url.empty? unless pingback_url.nil? || pingback_url.empty?
@xmlrpc_url = pingback_url xmlrpc_url = pingback_url
end end
end end
xmlrpc_url
end end
@xmlrpc_url
def xml_rpc_url_from_body
body = Browser.instance.get(@uri.to_s).body
body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
end end
# See if the remote url returns 30x redirect # See if the remote url returns 30x redirect

64
spec/lib/wpscan/web_site_spec.rb
View File

@@ -78,7 +78,7 @@ describe 'WebSite' do
end end
end end
describe '#xml_rpc_url' do describe '#xml_rpc_url_from_headers' do
context 'when the x-pingback is' do context 'when the x-pingback is' do
context 'correctly supplied' do context 'correctly supplied' do
@@ -87,14 +87,14 @@ describe 'WebSite' do
stub_request(:get, web_site.url). stub_request(:get, web_site.url).
to_return(status: 200, headers: { 'X-Pingback' => xmlrpc }) to_return(status: 200, headers: { 'X-Pingback' => xmlrpc })
web_site.xml_rpc_url.should === xmlrpc web_site.xml_rpc_url_from_headers.should === xmlrpc
end end
end end
context 'not supplied' do context 'not supplied' do
it 'returns nil' do it 'returns nil' do
stub_request(:get, web_site.url).to_return(status: 200) stub_request(:get, web_site.url).to_return(status: 200)
web_site.xml_rpc_url.should be_nil web_site.xml_rpc_url_from_headers.should be_nil
end end
context 'but there is another header field' do context 'but there is another header field' do
@@ -102,7 +102,7 @@ describe 'WebSite' do
stub_request(:get, web_site.url). stub_request(:get, web_site.url).
to_return(status:200, headers: { 'another-field' => 'which we do not care' }) to_return(status:200, headers: { 'another-field' => 'which we do not care' })
web_site.xml_rpc_url.should be_nil web_site.xml_rpc_url_from_headers.should be_nil
end end
end end
end end
@@ -112,13 +112,67 @@ describe 'WebSite' do
stub_request(:get, web_site.url). stub_request(:get, web_site.url).
to_return(status: 200, headers: { 'X-Pingback' => '' }) to_return(status: 200, headers: { 'X-Pingback' => '' })
web_site.xml_rpc_url.should be_nil web_site.xml_rpc_url_from_headers.should be_nil
end end
end end
end end
end end
describe '#xml_rpc_url_from_body' do
context 'when the pattern does not match' do
it 'returns nil' do
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_dont_match.html')
web_site.xml_rpc_url_from_body.should be_nil
end
end
context 'when the pattern match' do
it 'return the url' do
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_match.html')
web_site.xml_rpc_url_from_body.should == 'http://lamp/wordpress-3.5.1/xmlrpc.php'
end
end
end
describe '#xml_rpc_url' do
after :each do
web_site.xml_rpc_url.should === xmlrpc_url
end
context 'when found in the headers' do
let(:xmlrpc_url) { 'http://from-headers.localhost/xmlrpc.php' }
it 'returns the url' do
web_site.stub(xml_rpc_url_from_headers: xmlrpc_url)
end
end
context 'when found in the body' do
let(:xmlrpc_url) { 'http://from-body.localhost/xmlrpc.php' }
it 'returns the url' do
web_site.stub(
xml_rpc_url_from_headers: nil,
xml_rpc_url_from_body: xmlrpc_url
)
end
end
context 'when not found' do
let(:xmlrpc_url) { nil }
it 'returns nil' do
web_site.stub(
xml_rpc_url_from_headers: nil,
xml_rpc_url_from_body: nil
)
end
end
end
describe '#has_xml_rpc?' do describe '#has_xml_rpc?' do
it 'should return true' do it 'should return true' do
stub_request(:get, web_site.url). stub_request(:get, web_site.url).

13
spec/samples/wpscan/web_site/xml_rpc_url/body_dont_match.html Normal file
View File

@@ -0,0 +1,13 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<title>Wordpress 3.5.1</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="index, follow" />
<meta name="description" content="Just a test blog" />
<link rel="stylesheet" type="text/css" href="http://lamp/wordpress-3.5.1/wp-content/themes/bueno/style.css" media="screen" />
</head>
</html>

14
spec/samples/wpscan/web_site/xml_rpc_url/body_match.html Normal file
View File

@@ -0,0 +1,14 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<title>Wordpress 3.5.1</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="robots" content="index, follow" />
<meta name="description" content="Just a test blog" />
<link rel="stylesheet" type="text/css" href="http://lamp/wordpress-3.5.1/wp-content/themes/bueno/style.css" media="screen" />
<link rel="pingback" href="http://lamp/wordpress-3.5.1/xmlrpc.php" />
</head>
</html>