diff --git a/app/finders/users/author_id_brute_forcing.rb b/app/finders/users/author_id_brute_forcing.rb index 9bbd0c4f..d7d1ca3b 100644 --- a/app/finders/users/author_id_brute_forcing.rb +++ b/app/finders/users/author_id_brute_forcing.rb @@ -97,9 +97,12 @@ module WPScan # @return [ String, nil ] def display_name_from_body(body) page = Nokogiri::HTML.parse(body) + # WP >= 3.0 page.css('h1.page-title span').each do |node| - return node.text.to_s + text = node.text.to_s.strip + + return text unless text.empty? end # WP < 3.0 diff --git a/spec/app/finders/users/author_id_brute_forcing_spec.rb b/spec/app/finders/users/author_id_brute_forcing_spec.rb index e1b9de24..517b7dcf 100644 --- a/spec/app/finders/users/author_id_brute_forcing_spec.rb +++ b/spec/app/finders/users/author_id_brute_forcing_spec.rb @@ -50,7 +50,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do end context 'when no display_name' do - ['4.1.1', '3.0', '2.9.2'].each do |file| + %w[4.9-span-tag 4.1.1 3.0 2.9.2].each do |file| it "returns nil for #{file}-empty.html" do body = File.read(fixtures.join("#{file}-empty.html")) diff --git a/spec/fixtures/finders/users/author_id_brute_forcing/4.9-span-tag-empty.html b/spec/fixtures/finders/users/author_id_brute_forcing/4.9-span-tag-empty.html new file mode 100644 index 00000000..3ab19c75 --- /dev/null +++ b/spec/fixtures/finders/users/author_id_brute_forcing/4.9-span-tag-empty.html @@ -0,0 +1,20 @@ + +
+
+
+
+ + +

+ + +
+
+
+
+
+
+
+
+
+