HELLO v3!!!

2018-09-26 21:12:01 +02:00
parent 28b9c15256
commit d268a86795
1871 changed files with 988118 additions and 0 deletions
--- a/app/finders/users/rss_generator.rb
+++ b/app/finders/users/rss_generator.rb
@@ -0,0 +1,38 @@
+module WPScan
+  module Finders
+    module Users
+      # Users disclosed from the dc:creator field in the RSS
+      # The names disclosed are display names, however depending on the configuration of the blog,
+      # they can be the same than usernames
+      class RSSGenerator < WPScan::Finders::WpVersion::RSSGenerator
+        def process_urls(urls, _opts = {})
+          found = []
+
+          urls.each do |url|
+            res = Browser.get_and_follow_location(url)
+
+            next unless res.code == 200 && res.body =~ /<dc\:creator>/i
+
+            potential_usernames = []
+
+            begin
+              res.xml.xpath('//item/dc:creator').each do |node|
+                potential_usernames << node.text.to_s unless node.text.to_s.length > 40
+              end
+            rescue Nokogiri::XML::XPath::SyntaxError
+              next
+            end
+
+            potential_usernames.uniq.each do |potential_username|
+              found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50)
+            end
+
+            break
+          end
+
+          found
+        end
+      end
+    end
+  end
+end