Disables a DF causing FP when checking the WP version

2019-11-28 17:15:05 +00:00
parent c3cd815567
commit dc8cf3fc34
3 changed files with 13 additions and 11 deletions
--- a/lib/wpscan/finders/dynamic_finder/wp_version.rb
+++ b/lib/wpscan/finders/dynamic_finder/wp_version.rb
@@ -37,6 +37,8 @@ module WPScan
          end
        end

+        # This one has been disabled from the DF.yml as it was causing FPs when a plugin had numerous
+        # files matching a known WP version.
        class WpItemQueryParameter < QueryParameter
          def xpath
            @xpath ||=
--- a/spec/fixtures/db/dynamic_finders.yml
+++ b/spec/fixtures/db/dynamic_finders.yml
@@ -88,9 +88,9 @@ wordpress:
    - wp-includes/css/wp-pointer.css
    confidence_per_occurence: 10
    version: true
-  PluginAndThemeQueryParameterInHomepage:
-    class: WpItemQueryParameter
-    version: true
+  #PluginAndThemeQueryParameterInHomepage:
+  #  class: WpItemQueryParameter
+  #  version: true
  QueryParameterInInstallPage:
    class: QueryParameter
    path: wp-admin/install.php
--- a/spec/fixtures/dynamic_finders/expected.yml
+++ b/spec/fixtures/dynamic_finders/expected.yml
@@ -73,14 +73,14 @@ wordpress:
    - http://wp.lab/wp-includes/js/mediaelement/wp-playlist.min.js?ver=3.8.1
    - http://wp.lab/wp-includes/js/wp-ajax-response.min.js?ver=3.8.1
    - http://wp.lab/wp-includes/css/wp-pointer.min.css?ver=3.8.1
-  PluginAndThemeQueryParameterInHomepage:
-    number: 3.8.1
-    found_by: Plugin And Theme Query Parameter In Homepage (Passive Detection)
-    confidence: 30
-    interesting_entries:
-    - http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=3.8.1
-    - http://wp.lab/wp-content/plugins/job-postings/js/script.js?v=1.4.1&ver=3.8.1
-    - http://wp.lab/wp-content/plugins/floating-social-media-icon/css/style.css?v=3.8.1&ver=3.8.1
+  #PluginAndThemeQueryParameterInHomepage:
+  #  number: 3.8.1
+  #  found_by: Plugin And Theme Query Parameter In Homepage (Passive Detection)
+  #  confidence: 30
+  #  interesting_entries:
+  #  - http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=3.8.1
+  #  - http://wp.lab/wp-content/plugins/job-postings/js/script.js?v=1.4.1&ver=3.8.1
+  #  - http://wp.lab/wp-content/plugins/floating-social-media-icon/css/style.css?v=3.8.1&ver=3.8.1
  QueryParameterInInstallPage:
    number: 3.8.1
    found_by: Query Parameter In Install Page (Aggressive Detection)