garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes incorrect detection of the FDP data

Browse Source
This commit is contained in:
erwanlr
2015-10-12 12:57:20 +01:00
parent 91b30bee9f
commit d382874e86
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/wpscan/wp_target/wp_full_path_disclosure.rb
View File

@@ -2,24 +2,21 @@
class WpTarget < WebSite class WpTarget < WebSite
module WpFullPathDisclosure module WpFullPathDisclosure
# Check for Full Path Disclosure (FPD) # Check for Full Path Disclosure (FPD)
# #
# @return [ Boolean ] # @return [ Boolean ]
def has_full_path_disclosure? def has_full_path_disclosure?
response = Browser.get(full_path_disclosure_url) Browser.get(full_path_disclosure_url).body[%r/Fatal error/i] ? true : false
response.body[%r{Fatal error}i] ? true : false
end end
def full_path_disclosure_data def full_path_disclosure_data
return nil unless has_full_path_disclosure? return nil unless has_full_path_disclosure?
Browser.get(full_path_disclosure_url).body[%r{<b>([^<]+\.php)</b>}, 1] Browser.get(full_path_disclosure_url).body[/Fatal error:.+? in (.+?) on/i, 1]
end end
# @return [ String ] # @return [ String ]
def full_path_disclosure_url def full_path_disclosure_url
@uri.merge('wp-includes/rss-functions.php').to_s @uri.merge('wp-includes/rss-functions.php').to_s
end end
end end
end end