Better fix for #1451, adds target IP address to output, ref #1088

2020-02-11 16:28:59 +00:00
parent 6b241ce9b3
commit e2d48bedd9
4 changed files with 10 additions and 12 deletions
--- a/lib/wpscan/db/updater.rb
+++ b/lib/wpscan/db/updater.rb
@@ -67,13 +67,13 @@ module WPScan
      # @return [ Hash ] The params for Typhoeus::Request
      # @note Those params can't be overriden by CLI options
      def request_params
-        @request_params ||= {
+        @request_params ||= Browser.instance.default_connect_request_params.merge(
          timeout: 600,
          connecttimeout: 300,
          accept_encoding: 'gzip, deflate',
          cache_ttl: 0,
          headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
-        }
+        )
      end

      # @return [ String ] The raw file URL associated with the given filename
@@ -85,7 +85,7 @@ module WPScan
      def remote_file_checksum(filename)
        url = "#{remote_file_url(filename)}.sha512"

-        res = Browser.get(url, request_params)
+        res = Typhoeus.get(url, request_params)
        raise Error::Download, res if res.timed_out? || res.code != 200

        res.body.chomp
@@ -126,7 +126,7 @@ module WPScan
        file_path = local_file_path(filename)
        file_url  = remote_file_url(filename)

-        res = Browser.get(file_url, request_params)
+        res = Typhoeus.get(file_url, request_params)
        raise Error::Download, res if res.timed_out? || res.code != 200

        File.open(file_path, 'wb') { |f| f.write(res.body) }
--- a/lib/wpscan/db/vuln_api.rb
+++ b/lib/wpscan/db/vuln_api.rb
@@ -66,17 +66,14 @@ module WPScan
      end

      # @return [ Hash ]
-      # Those params can not be overriden by CLI options, except for the cache_ttl
+      # @note Those params can not be overriden by CLI options
      def self.default_request_params
-        @default_request_params ||= {
-          timeout: 30,
-          connecttimeout: 15,
-          cache_ttl: Browser.instance.cache_ttl,
+        Browser.instance.default_connect_request_params.merge(
          headers: {
            'User-Agent' => Browser.instance.default_user_agent,
            'Authorization' => "Token token=#{token}"
          }
-        }
+        )
      end
    end
  end
--- a/spec/lib/db/vuln_api_spec.rb
+++ b/spec/lib/db/vuln_api_spec.rb
@@ -5,8 +5,9 @@ describe WPScan::DB::VulnApi do

  let(:request_headers) do
    {
+      'Expect' => nil,
      'User-Agent' => WPScan::Browser.instance.default_user_agent,
-      'Authorization' => 'Token token=s3cRet'
+      'Authorization' => 'Token token=' + api.token
    }
  end

--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
  s.executables           = ['wpscan']
  s.require_paths         = ['lib']

-  s.add_dependency 'cms_scanner', '~> 0.8.1'
+  s.add_dependency 'cms_scanner', '~> 0.8.2'

  s.add_development_dependency 'bundler',             '>= 1.6'
  s.add_development_dependency 'coveralls',           '~> 0.8.0'