garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1642

Browse Source
This commit is contained in:
erwanlr
2021-05-18 12:05:27 +02:00
parent 98a71d3af6
commit c48be5e980
3 changed files with 49 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.rubocop.yml
View File

@@ -15,7 +15,7 @@ Lint/MissingSuper:
Lint/UriEscapeUnescape:
Enabled: false
Metrics/AbcSize:
Max: 25
Max: 27
Metrics/BlockLength:
Exclude:
- 'spec/**/*'

38
app/finders/db_exports/known_locations.rb
View File

@@ -40,11 +40,24 @@ module WPScan
# @return [ Hash ]
def potential_urls(opts = {})
urls = {}
index = 0
File.open(opts[:list]).each_with_index do |path, index|
path.gsub!('{domain_name}', domain_name)
File.open(opts[:list]).each do |path|
path.chomp!
urls[target.url(path.chomp)] = index
if path.include?('{domain_name}')
urls[target.url(path.gsub('{domain_name}', domain_name))] = index
if domain_name != domain_name_with_sub
urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
index += 1
end
else
urls[target.url(path)] = index
end
index += 1
end
urls
@@ -58,6 +71,25 @@ module WPScan
end
end
def domain_name_with_sub
@domain_name_with_sub ||=
if Resolv::AddressRegex.match?(target.uri.host)
target.uri.host
else
parsed = PublicSuffix.parse(target.uri.host)
if parsed.subdomain
parsed.subdomain.gsub(".#{parsed.tld}", '')
elsif parsed.domain
parsed.domain.gsub(".#{parsed.tld}", '')
else
target.uri.host
end
end
rescue PublicSuffix::DomainNotAllowed
@domain_name_with_sub = target.uri.host
end
def create_progress_bar(opts = {})
super(opts.merge(title: ' Checking DB Exports -'))
end

20
spec/app/finders/db_exports/known_locations_spec.rb
View File

@@ -12,7 +12,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
allow(target).to receive(:sub_dir).and_return(false)
end
it 'replaces {domain_name} by its value' do
it 'replaces {domain_name} by its values' do
expect(finder.potential_urls(opts).keys).to eql %w[
http://ex.lo/aa/ex.sql
http://ex.lo/aa/wordpress.sql
@@ -27,8 +27,8 @@ describe WPScan::Finders::DbExports::KnownLocations do
context "when #{sub_domain} sub-domain" do
let(:url) { "https://#{sub_domain}.domain.tld" }
it 'replaces {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql"
it 'replaces {domain_name} by its correct values' do
expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql", "#{url}/#{sub_domain}.domain.sql"
end
end
end
@@ -44,16 +44,22 @@ describe WPScan::Finders::DbExports::KnownLocations do
context 'when multi-level tlds and sub-domain' do
let(:url) { 'https://dev.something.com.tr' }
it 'replaces {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include 'https://dev.something.com.tr/something.sql'
it 'replaces {domain_name} by its correct values' do
expect(finder.potential_urls(opts).keys).to include(
'https://dev.something.com.tr/something.sql',
'https://dev.something.com.tr/dev.something.sql'
)
end
end
context 'when some weird stuff' do
let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }
it 'replaces {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include "#{url}/domain-test.sql"
it 'replaces {domain_name} by its correct values' do
expect(finder.potential_urls(opts).keys).to include(
"#{url}/domain-test.sql",
"#{url}/098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.sql"
)
end
end