Disables a DF causing FP when checking the WP version

erwanlr
2019-11-28 17:15:05 +00:00
parent c3cd815567
commit dc8cf3fc34
3 changed files with 13 additions and 11 deletions


@@ -37,6 +37,8 @@ module WPScan
end end
end end
# This one has been disabled from the DF.yml as it was causing FPs when a plugin had numerous
# files matching a known WP version.
class WpItemQueryParameter < QueryParameter class WpItemQueryParameter < QueryParameter
def xpath def xpath
@xpath ||= @xpath ||=
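Review bot: The added comment above `WpItemQueryParameter` says "This one" without naming the finder key that was switched off, so a reader of this file cannot search the config for it. Naming the key would fix that, e.g. `# Disabled in the DF.yml (PluginAndThemeQueryParameterInHomepage) as it was causing FPs when a plugin had numerous files matching a known WP version.` The class stays defined and, judging only from the visible lines, may no longer be referenced by an enabled finder, so the comment could also say whether it is kept for re-enabling later. The class body continues outside the hunk.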


@@ -88,9 +88,9 @@ wordpress:
- wp-includes/css/wp-pointer.css - wp-includes/css/wp-pointer.css
confidence_per_occurence: 10 confidence_per_occurence: 10
version: true version: true
PluginAndThemeQueryParameterInHomepage: #PluginAndThemeQueryParameterInHomepage:
class: WpItemQueryParameter # class: WpItemQueryParameter
version: true # version: true
QueryParameterInInstallPage: QueryParameterInInstallPage:
class: QueryParameter class: QueryParameter
path: wp-admin/install.php path: wp-admin/install.php
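Review bot: The `PluginAndThemeQueryParameterInHomepage` entry is commented out with no reason beside it, so the config alone does not tell a maintainer why a passive WP version finder is off or what would have to change before it is re-enabled. A one-line comment above the block would cover it, e.g. `# Disabled: caused FPs when a plugin had numerous files whose ver= matched a known WP version`. A wrongly detected WordPress version feeds wrong vulnerability matches into a scan report, so the rationale is worth keeping next to the setting. The same applies to the commented-out expected result in the third file section; deleting both blocks, or tagging them with the same reason, would avoid unexplained dead entries.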


@@ -73,14 +73,14 @@ wordpress:
- http://wp.lab/wp-includes/js/mediaelement/wp-playlist.min.js?ver=3.8.1 - http://wp.lab/wp-includes/js/mediaelement/wp-playlist.min.js?ver=3.8.1
- http://wp.lab/wp-includes/js/wp-ajax-response.min.js?ver=3.8.1 - http://wp.lab/wp-includes/js/wp-ajax-response.min.js?ver=3.8.1
- http://wp.lab/wp-includes/css/wp-pointer.min.css?ver=3.8.1 - http://wp.lab/wp-includes/css/wp-pointer.min.css?ver=3.8.1
PluginAndThemeQueryParameterInHomepage: #PluginAndThemeQueryParameterInHomepage:
number: 3.8.1 # number: 3.8.1
found_by: Plugin And Theme Query Parameter In Homepage (Passive Detection) # found_by: Plugin And Theme Query Parameter In Homepage (Passive Detection)
confidence: 30 # confidence: 30
interesting_entries: # interesting_entries:
- http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=3.8.1 # - http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=3.8.1
- http://wp.lab/wp-content/plugins/job-postings/js/script.js?v=1.4.1&ver=3.8.1 # - http://wp.lab/wp-content/plugins/job-postings/js/script.js?v=1.4.1&ver=3.8.1
- http://wp.lab/wp-content/plugins/floating-social-media-icon/css/style.css?v=3.8.1&ver=3.8.1 # - http://wp.lab/wp-content/plugins/floating-social-media-icon/css/style.css?v=3.8.1&ver=3.8.1
QueryParameterInInstallPage: QueryParameterInInstallPage:
number: 3.8.1 number: 3.8.1
found_by: Query Parameter In Install Page (Aggressive Detection) found_by: Query Parameter In Install Page (Aggressive Detection)