From c5e6752f7584be6880c808360d04159116e3770c Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Fri, 2 Nov 2018 19:33:38 +0000
Subject: [PATCH] Fixes #1232

---
 app/finders/interesting_findings/backup_db.rb | 2 +-
 app/finders/interesting_findings/debug_log.rb | 2 +-
 .../duplicator_installer_log.rb | 2 +-
 .../emergency_pwd_reset_script.rb | 2 +-
 .../full_path_disclosure.rb | 2 +-
 .../interesting_findings/mu_plugins.rb | 4 +-
 app/finders/interesting_findings/multisite.rb | 2 +-
 app/finders/interesting_findings/readme.rb | 2 +-
 .../interesting_findings/registration.rb | 2 +-
 .../interesting_findings/tmm_db_migrate.rb | 2 +-
 .../upload_directory_listing.rb | 2 +-
 .../interesting_findings/upload_sql_dump.rb | 2 +-
 app/models/interesting_finding.rb | 39 +++++++++++++++++++
 .../interesting_findings/backup_db_spec.rb | 2 +-
 .../interesting_findings/debug_log_spec.rb | 2 +-
 .../duplicator_installer_log_spec.rb | 2 +-
 .../full_path_disclosure_spec.rb | 2 +-
 .../interesting_findings/readme_spec.rb | 2 +-
 .../upload_sql_dump_spec.rb | 2 +-
 wpscan.gemspec | 2 +-
 20 files changed, 59 insertions(+), 20 deletions(-)

diff --git a/app/finders/interesting_findings/backup_db.rb b/app/finders/interesting_findings/backup_db.rb
index 1f231060..b48872b3 100644
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -11,7 +11,7 @@ module WPScan
 return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
- WPScan::InterestingFinding.new(
+ WPScan::BackupDB.new(
 url,
 confidence: 70,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/debug_log.rb b/app/finders/interesting_findings/debug_log.rb
index 826e19e0..3d69d2ee 100644
--- a/app/finders/interesting_findings/debug_log.rb
+++ b/app/finders/interesting_findings/debug_log.rb
@@ -9,7 +9,7 @@ module WPScan
 return unless target.debug_log?(path)
- WPScan::InterestingFinding.new(
+ WPScan::DebugLog.new(
 target.url(path),
 confidence: 100,
 found_by: DIRECT_ACCESS
 )
diff --git a/app/finders/interesting_findings/duplicator_installer_log.rb b/app/finders/interesting_findings/duplicator_installer_log.rb
index 2643ae3b..c80fce6b 100644
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -10,7 +10,7 @@ module WPScan
 return unless res.body =~ /DUPLICATOR INSTALL-LOG/
- WPScan::InterestingFinding.new(
+ WPScan::DuplicatorInstallerLog.new(
 url,
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/emergency_pwd_reset_script.rb b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
index 39ba9392..f0bd95db 100644
--- a/app/finders/interesting_findings/emergency_pwd_reset_script.rb
+++ b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
@@ -10,7 +10,7 @@ module WPScan
 return unless res.code == 200 && !target.homepage_or_404?(res)
- WPScan::InterestingFinding.new(
+ WPScan::EmergencyPwdResetScript.new(
 url,
 confidence: res.body =~ /password/i ? 100 : 40,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/full_path_disclosure.rb b/app/finders/interesting_findings/full_path_disclosure.rb
index e3624e60..d7aed4eb 100644
--- a/app/finders/interesting_findings/full_path_disclosure.rb
+++ b/app/finders/interesting_findings/full_path_disclosure.rb
@@ -10,7 +10,7 @@ module WPScan
 return if fpd_entries.empty?
- WPScan::InterestingFinding.new(
+ WPScan::FullPathDisclosure.new(
 target.url(path),
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/mu_plugins.rb b/app/finders/interesting_findings/mu_plugins.rb
index 9588a693..97ee038f 100644
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -12,7 +12,7 @@ module WPScan
 url = target.url('wp-content/mu-plugins/')
- return WPScan::InterestingFinding.new(
+ return WPScan::MuPlugins.new(
 url,
 confidence: 70,
 found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +35,7 @@ module WPScan
 target.mu_plugins = true
- WPScan::InterestingFinding.new(
+ WPScan::MuPlugins.new(
 url,
 confidence: 80,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/multisite.rb b/app/finders/interesting_findings/multisite.rb
index 3fc0820b..1cae370f 100644
--- a/app/finders/interesting_findings/multisite.rb
+++ b/app/finders/interesting_findings/multisite.rb
@@ -15,7 +15,7 @@ module WPScan
 target.multisite = true
- WPScan::InterestingFinding.new(
+ WPScan::Multisite.new(
 url,
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/readme.rb b/app/finders/interesting_findings/readme.rb
index 0ff2c18f..db187b1f 100644
--- a/app/finders/interesting_findings/readme.rb
+++ b/app/finders/interesting_findings/readme.rb
@@ -10,7 +10,7 @@ module WPScan
 res = Browser.get(url)
 if res.code == 200 && res.body =~ /wordpress/i
- return WPScan::InterestingFinding.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+ return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 nil
diff --git a/app/finders/interesting_findings/registration.rb b/app/finders/interesting_findings/registration.rb
index 675e2d89..d8400349 100644
--- a/app/finders/interesting_findings/registration.rb
+++ b/app/finders/interesting_findings/registration.rb
@@ -18,7 +18,7 @@ module WPScan
 target.registration_enabled = true
- WPScan::InterestingFinding.new(
+ WPScan::Registration.new(
 res.effective_url,
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/tmm_db_migrate.rb b/app/finders/interesting_findings/tmm_db_migrate.rb
index 15a28df7..d388f6e0 100644
--- a/app/finders/interesting_findings/tmm_db_migrate.rb
+++ b/app/finders/interesting_findings/tmm_db_migrate.rb
@@ -11,7 +11,7 @@ module WPScan
 return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
- WPScan::InterestingFinding.new(
+ WPScan::TmmDbMigrate.new(
 url,
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/upload_directory_listing.rb b/app/finders/interesting_findings/upload_directory_listing.rb
index c359f042..3942ec9a 100644
--- a/app/finders/interesting_findings/upload_directory_listing.rb
+++ b/app/finders/interesting_findings/upload_directory_listing.rb
@@ -11,7 +11,7 @@ module WPScan
 url = target.url(path)
- WPScan::InterestingFinding.new(
+ WPScan::UploadDirectoryListing.new(
 url,
 confidence: 100,
 found_by: DIRECT_ACCESS,
diff --git a/app/finders/interesting_findings/upload_sql_dump.rb b/app/finders/interesting_findings/upload_sql_dump.rb
index 81bd1ee2..9d45398f 100644
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -12,7 +12,7 @@ module WPScan
 return unless res.code == 200 && res.body =~ SQL_PATTERN
- WPScan::InterestingFinding.new(
+ WPScan::UploadSQLDump.new(
 url,
 confidence: 100,
 found_by: DIRECT_ACCESS
diff --git a/app/models/interesting_finding.rb b/app/models/interesting_finding.rb
index 306b326f..c42d2d41 100644
--- a/app/models/interesting_finding.rb
+++ b/app/models/interesting_finding.rb
@@ -3,4 +3,43 @@ module WPScan
 class InterestingFinding < CMSScanner::InterestingFinding
 include References
 end
+
+ #
+ # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+ #
+ class BackupDB < InterestingFinding
+ end
+
+ class DebugLog < InterestingFinding
+ end
+
+ class DuplicatorInstallerLog < InterestingFinding
+ end
+
+ class EmergencyPwdResetScript < InterestingFinding
+ end
+
+ class FullPathDisclosure < InterestingFinding
+ end
+
+ class MuPlugins < InterestingFinding
+ end
+
+ class Multisite < InterestingFinding
+ end
+
+ class Readme < InterestingFinding
+ end
+
+ class Registration < InterestingFinding
+ end
+
+ class TmmDbMigrate < InterestingFinding
+ end
+
+ class UploadDirectoryListing < InterestingFinding
+ end
+
+ class UploadSQLDump < InterestingFinding
+ end
 end
diff --git a/spec/app/finders/interesting_findings/backup_db_spec.rb b/spec/app/finders/interesting_findings/backup_db_spec.rb
index 2d26b92e..246d9819 100644
--- a/spec/app/finders/interesting_findings/backup_db_spec.rb
+++ b/spec/app/finders/interesting_findings/backup_db_spec.rb
@@ -37,7 +37,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
 after do
 found = finder.aggressive
- expect(found).to eql WPScan::InterestingFinding.new(
+ expect(found).to eql WPScan::BackupDB.new(
 dir_url,
 confidence: 70,
 found_by: described_class::DIRECT_ACCESS
diff --git a/spec/app/finders/interesting_findings/debug_log_spec.rb b/spec/app/finders/interesting_findings/debug_log_spec.rb
index 86446395..4d6e3ff8 100644
--- a/spec/app/finders/interesting_findings/debug_log_spec.rb
+++ b/spec/app/finders/interesting_findings/debug_log_spec.rb
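Review bot: The header comment on the new subclasses in app/models/interesting_finding.rb (`# Empty classes for the #type to be correctly displayed ...`) should also tell a maintainer that this list has to be kept in sync with the finders under app/finders/interesting_findings/, because a finder that still instantiates the base `WPScan::InterestingFinding` fails nowhere in this hunk — it just reports the generic type again, which is what the commit is fixing. I would reword it as `# One empty subclass per finder in app/finders/interesting_findings/: the parent derives #type from self.class, so the subclass name is what ends up in the report; a finder that returns the base class still runs but reports the generic type.` Since the finders presumably live under WPScan::Finders::InterestingFindings with the same short names (the spec hunks describe e.g. WPScan::Finders::InterestingFindings::Readme), the finders must keep the fully qualified `WPScan::Readme.new` form used throughout this commit; a bare `Readme.new` inside that namespace would resolve to the finder itself. None of the updated specs assert on `#type` directly, so a small model spec checking that `WPScan::BackupDB.new(url).type` yields the intended value would pin the behaviour this commit targets.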
@@ -23,7 +23,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
 let(:body) { File.read(File.join(fixtures, 'debug.log')) }
 it 'returns the InterestingFinding' do
- expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
+ expect(finder.aggressive).to eql WPScan::DebugLog.new(
 log_url,
 confidence: 100,
 found_by: described_class::DIRECT_ACCESS
diff --git a/spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb b/spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb
index dee0d18c..f578c1b5 100644
--- a/spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb
+++ b/spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb
@@ -24,7 +24,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
 let(:body) { File.read(File.join(fixtures, filename)) }
 it 'returns the InterestingFinding' do
- expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
+ expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(
 log_url,
 confidence: 100,
 found_by: described_class::DIRECT_ACCESS
diff --git a/spec/app/finders/interesting_findings/full_path_disclosure_spec.rb b/spec/app/finders/interesting_findings/full_path_disclosure_spec.rb
index 62619eee..cf9e3cbc 100644
--- a/spec/app/finders/interesting_findings/full_path_disclosure_spec.rb
+++ b/spec/app/finders/interesting_findings/full_path_disclosure_spec.rb
@@ -25,7 +25,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
 it 'returns the InterestingFinding' do
 found = finder.aggressive
- expect(found).to eql WPScan::InterestingFinding.new(
+ expect(found).to eql WPScan::FullPathDisclosure.new(
 file_url,
 confidence: 100,
 found_by: described_class::DIRECT_ACCESS
diff --git a/spec/app/finders/interesting_findings/readme_spec.rb b/spec/app/finders/interesting_findings/readme_spec.rb
index 9a598b38..67a08d81 100644
--- a/spec/app/finders/interesting_findings/readme_spec.rb
+++ b/spec/app/finders/interesting_findings/readme_spec.rb
@@ -27,7 +27,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
 before { stub_request(:get, target.url(file)).to_return(body: readme) }
 it 'returns the expected InterestingFinding' do
- expected = WPScan::InterestingFinding.new(
+ expected = WPScan::Readme.new(
 target.url(file),
 confidence: 100,
 found_by: described_class::DIRECT_ACCESS
diff --git a/spec/app/finders/interesting_findings/upload_sql_dump_spec.rb b/spec/app/finders/interesting_findings/upload_sql_dump_spec.rb
index 30169449..842b96bc 100644
--- a/spec/app/finders/interesting_findings/upload_sql_dump_spec.rb
+++ b/spec/app/finders/interesting_findings/upload_sql_dump_spec.rb
@@ -38,7 +38,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
 let(:fixture) { 'dump.sql' }
 it 'returns the interesting findings' do
- @expected = WPScan::InterestingFinding.new(
+ @expected = WPScan::UploadSQLDump.new(
 finder.dump_url,
 confidence: 100,
 found_by: described_class::DIRECT_ACCESS
diff --git a/wpscan.gemspec b/wpscan.gemspec
index f7f28b42..6bf27ef0 100644
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 s.executables = ['wpscan']
 s.require_paths = ['lib']
- s.add_dependency 'cms_scanner', '~> 0.0.40.2'
+ s.add_dependency 'cms_scanner', '~> 0.0.40.3'
 # Already required by CMSScanner, so version restrictions loosen
 s.add_dependency 'activesupport', '~> 5.2'