diff --git a/app/controllers/enumeration/cli_options.rb b/app/controllers/enumeration/cli_options.rb index a3491b41..ee6b8d5b 100644 --- a/app/controllers/enumeration/cli_options.rb +++ b/app/controllers/enumeration/cli_options.rb @@ -25,7 +25,10 @@ module WPScan cb: OptBoolean.new(['--config-backups']), dbe: OptBoolean.new(['--db-exports']), u: OptIntegerRange.new(['--users', 'User IDs range. e.g: u1-5'], value_if_empty: '1-10'), - m: OptIntegerRange.new(['--medias', 'Media IDs range. e.g m1-15'], value_if_empty: '1-100') + m: OptIntegerRange.new(['--medias', + 'Media IDs range. e.g m1-15', + 'Note: Permalink setting must be set to "Plain" for those to be detected'], + value_if_empty: '1-100') }, value_if_empty: 'vp,vt,tt,cb,dbe,u,m', incompatible: [%i[vp ap p], %i[vt at t]], diff --git a/app/controllers/enumeration/enum_methods.rb b/app/controllers/enumeration/enum_methods.rb index 9447bcb9..2b5758d6 100644 --- a/app/controllers/enumeration/enum_methods.rb +++ b/app/controllers/enumeration/enum_methods.rb @@ -146,7 +146,10 @@ module WPScan def enum_medias opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias]) - output('@info', msg: 'Enumerating Medias') if user_interaction? + if user_interaction? + output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)') + end + output('medias', medias: target.medias(opts)) end diff --git a/app/finders/medias/attachment_brute_forcing.rb b/app/finders/medias/attachment_brute_forcing.rb index 0657fd16..eefa4a07 100644 --- a/app/finders/medias/attachment_brute_forcing.rb +++ b/app/finders/medias/attachment_brute_forcing.rb @@ -1,7 +1,7 @@ module WPScan module Finders module Medias - # Medias Finder + # Medias Finder, see https://github.com/wpscanteam/wpscan/issues/172 class AttachmentBruteForcing < CMSScanner::Finders::Finder include CMSScanner::Finders::Finder::Enumerator