garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1232

Browse Source
This commit is contained in:
erwanlr
2018-11-02 19:33:38 +00:00
parent e4f3e9d11c
commit c5e6752f75
20 changed files with 59 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/finders/interesting_findings/backup_db.rb
View File

@@ -11,7 +11,7 @@ module WPScan
return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
WPScan::InterestingFinding.new(
WPScan::BackupDB.new(
url,
confidence: 70,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/debug_log.rb
View File

@@ -9,7 +9,7 @@ module WPScan
return unless target.debug_log?(path)
WPScan::InterestingFinding.new(
WPScan::DebugLog.new(
target.url(path),
confidence: 100, found_by: DIRECT_ACCESS
)

2
app/finders/interesting_findings/duplicator_installer_log.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return unless res.body =~ /DUPLICATOR INSTALL-LOG/
WPScan::InterestingFinding.new(
WPScan::DuplicatorInstallerLog.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/emergency_pwd_reset_script.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return unless res.code == 200 && !target.homepage_or_404?(res)
WPScan::InterestingFinding.new(
WPScan::EmergencyPwdResetScript.new(
url,
confidence: res.body =~ /password/i ? 100 : 40,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/full_path_disclosure.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return if fpd_entries.empty?
WPScan::InterestingFinding.new(
WPScan::FullPathDisclosure.new(
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS,

4
app/finders/interesting_findings/mu_plugins.rb
View File

@@ -12,7 +12,7 @@ module WPScan
url = target.url('wp-content/mu-plugins/')
return WPScan::InterestingFinding.new(
return WPScan::MuPlugins.new(
url,
confidence: 70,
found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +35,7 @@ module WPScan
target.mu_plugins = true
WPScan::InterestingFinding.new(
WPScan::MuPlugins.new(
url,
confidence: 80,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/multisite.rb
View File

@@ -15,7 +15,7 @@ module WPScan
target.multisite = true
WPScan::InterestingFinding.new(
WPScan::Multisite.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/readme.rb
View File

@@ -10,7 +10,7 @@ module WPScan
res = Browser.get(url)
if res.code == 200 && res.body =~ /wordpress/i
return WPScan::InterestingFinding.new(url, confidence: 100, found_by: DIRECT_ACCESS)
return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
nil

2
app/finders/interesting_findings/registration.rb
View File

@@ -18,7 +18,7 @@ module WPScan
target.registration_enabled = true
WPScan::InterestingFinding.new(
WPScan::Registration.new(
res.effective_url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/tmm_db_migrate.rb
View File

@@ -11,7 +11,7 @@ module WPScan
return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
WPScan::InterestingFinding.new(
WPScan::TmmDbMigrate.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/upload_directory_listing.rb
View File

@@ -11,7 +11,7 @@ module WPScan
url = target.url(path)
WPScan::InterestingFinding.new(
WPScan::UploadDirectoryListing.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/upload_sql_dump.rb
View File

@@ -12,7 +12,7 @@ module WPScan
return unless res.code == 200 && res.body =~ SQL_PATTERN
WPScan::InterestingFinding.new(
WPScan::UploadSQLDump.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS