garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Checks default wp-content dir regardless of detection mode if not found passively

Browse Source
This commit is contained in:
erwanlr
2019-10-10 19:59:09 +01:00
parent d85035d5ef
commit e39a192e8d
7 changed files with 109 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/custom_directories.rb
View File

@@ -18,7 +18,7 @@ module WPScan
target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
return if target.content_dir(ParsedCli.detection_mode) return if target.content_dir
raise Error::WpContentDirNotDetected raise Error::WpContentDirNotDetected
end end

2
lib/wpscan/target/platform/wordpress.rb
View File

@@ -90,7 +90,7 @@ module WPScan
def wordpress_hosted? def wordpress_hosted?
return true if /\.wordpress\.com$/i.match?(uri.host) return true if /\.wordpress\.com$/i.match?(uri.host)
unless content_dir(:passive) unless content_dir
pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
uris_from_page(homepage_res) do |uri| uris_from_page(homepage_res) do |uri|

5
lib/wpscan/target/platform/wordpress/custom_directories.rb
View File

@@ -13,9 +13,8 @@ module WPScan
@plugins_dir = dir.chomp('/') @plugins_dir = dir.chomp('/')
end end
# @param [ Symbol ] detection_mode
# @return [ String ] The wp-content directory # @return [ String ] The wp-content directory
def content_dir(detection_mode = :mixed) def content_dir
unless @content_dir unless @content_dir
# scope_url_pattern is from CMSScanner::Target # scope_url_pattern is from CMSScanner::Target
pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i
@@ -29,10 +28,8 @@ module WPScan
return @content_dir = match[1] return @content_dir = match[1]
end end
unless detection_mode == :passive
return @content_dir = 'wp-content' if default_content_dir_exists? return @content_dir = 'wp-content' if default_content_dir_exists?
end end
end
@content_dir @content_dir
end end

26
spec/app/controllers/core_spec.rb
View File

@@ -166,6 +166,8 @@ describe WPScan::Controller::Core do
before do before do
expect(core).to receive(:load_server_module) expect(core).to receive(:load_server_module)
expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true) expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
expect(core.target).to receive(:wordpress_hosted?).and_return(false)
# expect(core.target).to receive(:content_dir).and_return('wp-content')
end end
it 'calls the formatter when started and finished to update the db' do it 'calls the formatter when started and finished to update the db' do
@@ -174,6 +176,19 @@ describe WPScan::Controller::Core do
end end
end end
context 'when hosted on wordpress.com' do
let(:target_url) { 'http://ex.wordpress.com' }
before { expect(core).to receive(:load_server_module) }
it 'raises an error' do
expect { core.before_scan }.to raise_error(WPScan::Error::WordPressHosted)
end
end
context 'when not hosted on wordpress.com' do
before { allow(core.target).to receive(:wordpress_hosted?).and_return(false) }
context 'when a redirect occurs' do context 'when a redirect occurs' do
before do before do
stub_request(:any, target_url) stub_request(:any, target_url)
@@ -224,16 +239,6 @@ describe WPScan::Controller::Core do
end end
end end
context 'when hosted on wordpress.com' do
let(:target_url) { 'http://ex.wordpress.com' }
before { expect(core).to receive(:load_server_module) }
it 'raises an error' do
expect { core.before_scan }.to raise_error(WPScan::Error::WordPressHosted)
end
end
context 'when wordpress' do context 'when wordpress' do
before do before do
expect(core).to receive(:load_server_module) expect(core).to receive(:load_server_module)
@@ -282,4 +287,5 @@ describe WPScan::Controller::Core do
end end
end end
end end
end
end end

2
spec/app/controllers/custom_directories_spec.rb
View File

@@ -20,7 +20,7 @@ describe WPScan::Controller::CustomDirectories do
describe '#before_scan' do describe '#before_scan' do
context 'when the content_dir is not found and not supplied' do context 'when the content_dir is not found and not supplied' do
before { expect(controller.target).to receive(:content_dir).with(:mixed) } before { expect(controller.target).to receive(:content_dir).and_return(nil) }
it 'raises an exception' do it 'raises an exception' do
expect { controller.before_scan }.to raise_error(WPScan::Error::WpContentDirNotDetected) expect { controller.before_scan }.to raise_error(WPScan::Error::WpContentDirNotDetected)

4
spec/shared_examples/target/platform/wordpress.rb
View File

@@ -152,7 +152,7 @@ shared_examples WPScan::Target::Platform::WordPress do
context 'when wp-content not detected' do context 'when wp-content not detected' do
before do before do
expect(target).to receive(:content_dir).with(:passive).and_return(nil) expect(target).to receive(:content_dir).and_return(nil)
stub_request(:get, target.url).to_return(body: File.read(fixtures.join(fixture).to_s)) stub_request(:get, target.url).to_return(body: File.read(fixtures.join(fixture).to_s))
end end
@@ -170,7 +170,7 @@ shared_examples WPScan::Target::Platform::WordPress do
end end
context 'when wp-content detected' do context 'when wp-content detected' do
before { expect(target).to receive(:content_dir).with(:passive).and_return('wp-content') } before { expect(target).to receive(:content_dir).and_return('wp-content') }
its(:wordpress_hosted?) { should be false } its(:wordpress_hosted?) { should be false }
end end

32
spec/shared_examples/target/platform/wordpress/custom_directories.rb
View File

@@ -42,35 +42,25 @@ shared_examples 'WordPress::CustomDirectories' do
end end
context 'when not found via the homepage' do context 'when not found via the homepage' do
before { stub_request(:get, target.url).to_return(body: '') } before do
stub_request(:get, target.url).to_return(body: '')
context 'when detection mode is passive' do expect(target).to receive(:default_content_dir_exists?).and_return(dir_exist)
it 'returns nil' do
expect(target).not_to receive(:default_content_dir_exist?)
expect(target.content_dir(:passive)).to eql nil
end
end end
context 'when detection mode is mixed or aggressive' do context 'when default dir does not exist' do
before { expect(target).to receive(:default_content_dir_exists?).and_return(dir_exist) }
%i[mixed aggressive].each do |mode|
context 'when default content dir exists' do
let(:dir_exist) { true }
it 'returns wp-content' do
expect(target.content_dir(mode)).to eql 'wp-content'
end
end
context 'when default content dir does not exist' do
let(:dir_exist) { false } let(:dir_exist) { false }
it 'returns nil' do it 'returns nil' do
expect(target.content_dir(mode)).to eql nil expect(target.content_dir).to eql nil
end end
end end
context 'when default dir exists' do
let(:dir_exist) { true }
it 'returns wp-content' do
expect(target.content_dir).to eql 'wp-content'
end end
end end
end end