garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

consequent output

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-02-04 23:56:11 +01:00
parent 483bfdd0e0
commit e5e99aee60
5 changed files with 80 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/wpscan/wp_item.rb
View File

@@ -161,6 +161,20 @@ class WpItem < Vulnerable
get_url_without_filename.merge('changelog.txt')
end
def error_log_url
get_url_without_filename.merge('error_log')
end
# Discover any error_log files created by WordPress
# These are created by the WordPress error_log() function
# They are normally found in the /plugins/ directory,
# however can also be found in their specific plugin dir.
# http://www.exploit-db.com/ghdb/3714/
def error_log?
response_body = Browser.instance.get(error_log_url, headers: {'range' => 'bytes=0-700'}).body
response_body[%r{PHP Fatal error}i] ? true : false
end
# readme.txt present?
def has_readme?
unless @readme

14
lib/wpscan/wp_plugin.rb
View File

@@ -29,18 +29,4 @@ class WpPlugin < WpItem
super(options)
end
# Discover any error_log files created by WordPress
# These are created by the WordPress error_log() function
# They are normally found in the /plugins/ directory,
# however can also be found in their specific plugin dir.
# http://www.exploit-db.com/ghdb/3714/
def error_log?
response_body = Browser.instance.get(error_log_url(), headers: {'range' => 'bytes=0-700'}).body
response_body[%r{PHP Fatal error}i] ? true : false
end
def error_log_url
get_full_url.merge('error_log').to_s
end
end