From ce5d26a220aad7a188d8234c1dffb71a83624ea7 Mon Sep 17 00:00:00 2001
From: Ryan Dewhurst
Date: Fri, 8 Jun 2018 09:56:28 +0200
Subject: [PATCH] Enhacements to sql export code. Thanks to javiercasares for list.
---
 lib/wpscan/web_site/sql_file_export.rb | 11 +++++++----
 wpscan.rb | 12 ++++++------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/lib/wpscan/web_site/sql_file_export.rb b/lib/wpscan/web_site/sql_file_export.rb
index ba511eeb..72ccde7c 100644
--- a/lib/wpscan/web_site/sql_file_export.rb
+++ b/lib/wpscan/web_site/sql_file_export.rb
@@ -6,21 +6,24 @@ class WebSite
   # Checks if a .sql file exists
   # @return [ Array ]
   def sql_file_export
-    backup_files = []
+    export_files = []
 
     self.sql_file_export_urls.each do |url|
       response = Browser.get(url)
-      backup_files << url if response.code == 200 && response.body =~ /INSERT INTO/
+      export_files << url if response.code == 200 && response.body =~ /INSERT INTO/
     end
 
-    backup_files
+    export_files
   end
 
   # Gets a .sql export file URL
   # @return [ Array ]
   def sql_file_export_urls
     urls = []
-    files = ["#{@uri.host[/(^[\w|-]+)/,1]}.sql", 'backup.sql', 'database.sql', 'dump.sql']
+    host = @uri.host[/(^[\w|-]+)/,1]
+
+    files = ["#{host}.sql", "#{host}.sql.gz", "#{host}.zip", 'db.sql', 'site.sql', 'database.sql',
+             'data.sql', 'backup.sql','dump.sql', 'db_backup.sql', 'dbdump.sql', 'wordpress.sql', 'mysql.sql']
 
     files.each do |file|
       urls << @uri.clone.merge(file).to_s
diff --git a/wpscan.rb b/wpscan.rb
index 1e9c1261..76113f12 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -255,12 +255,6 @@ def main
     end
   end
 
-  unless wp_target.sql_file_export.empty?
-    wp_target.sql_file_export.each do |file|
-      puts critical("SQL export file found: #{file}")
-    end
-  end
-
   code = get_http_status(wp_target.humans_url)
   if code == 200
     puts info("humans.txt available under: #{wp_target.humans_url} [HTTP #{code}]")
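Review bot: The new `#{host}.sql.gz` and `#{host}.zip` candidates in `sql_file_export_urls` can never be reported, because `sql_file_export` in the same hunk only keeps a URL whose body matches `/INSERT INTO/`, and a gzip or zip body is compressed so that text is not present in plain form. Either drop the two archive names or teach the check to recognise an archive body by its leading bytes rather than by status alone, e.g. `magic = response.body.to_s.unpack('H8').first` / `archive = magic.start_with?('1f8b', '504b0304')` / `export_files << url if response.code == 200 && (response.body =~ /INSERT INTO/ || archive)`; accepting a bare 200 for the archive names would flag soft-404 pages. Separately, in `host = @uri.host[/(^[\w|-]+)/,1]` the `|` inside the character class is a literal pipe, not alternation, so `[\w-]` is probably what was intended. `sql_file_export_urls` continues past the end of the hunk.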
@@ -279,6 +273,12 @@ def main
     end
   end
 
+  unless wp_target.sql_file_export.empty?
+    wp_target.sql_file_export.each do |file|
+      puts critical("SQL export file found: #{file}")
+    end
+  end
+
   if wp_target.has_debug_log?
     puts critical("Debug log file found: #{wp_target.debug_log_url}")
   end
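Review bot: The moved block calls `wp_target.sql_file_export` twice, once for the `empty?` guard and again for `each`, and as the sibling hunk in `lib/wpscan/web_site/sql_file_export.rb` shows, each call issues a `Browser.get` for every candidate URL, so the whole probe runs twice against the target. `each` on an empty array is already a no-op, so the guard can simply go: `wp_target.sql_file_export.each do |file|` / `puts critical("SQL export file found: #{file}")` / `end`. The enclosing `main` starts and ends outside the hunk.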