Fixes incorrect detection of the FDP data

erwanlr
2015-10-12 12:57:20 +01:00
parent 91b30bee9f
commit d382874e86


@@ -2,24 +2,21 @@
class WpTarget < WebSite
module WpFullPathDisclosure
# Check for Full Path Disclosure (FPD)
#
# @return [ Boolean ]
def has_full_path_disclosure?
response = Browser.get(full_path_disclosure_url)
response.body[%r{Fatal error}i] ? true : false
Browser.get(full_path_disclosure_url).body[%r/Fatal error/i] ? true : false
end
def full_path_disclosure_data
return nil unless has_full_path_disclosure?
Browser.get(full_path_disclosure_url).body[%r{<b>([^<]+\.php)</b>}, 1]
Browser.get(full_path_disclosure_url).body[/Fatal error:.+? in (.+?) on/i, 1]
end
# @return [ String ]
def full_path_disclosure_url
@uri.merge('wp-includes/rss-functions.php').to_s
end
end
end
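Review bot: The extraction regex in `full_path_disclosure_data` (what appears to be the new line, `/Fatal error:.+? in (.+?) on/i`) requires a literal `Fatal error:`, while `has_full_path_disclosure?` only looks for `Fatal error`, so the two can disagree. If the server renders PHP errors as HTML (`<b>Fatal error</b>: … in <b>/path/file.php</b> on line …`), the predicate would be true but the data method would return nil. Consider tolerating the markup, e.g. `body[%r{Fatal error(?:</b>)?:.+? in (?:<b>)?(.+?)(?:</b>)? on}i, 1]`, and add spec fixtures for both the plain-text and the HTML error output. The data method also issues a second `Browser.get` for the same URL after the predicate has already fetched it (whether Browser caches is not visible here); fetching the body once and deriving both the boolean and the path from it would keep the two answers consistent.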