Fixes 1426

2019-11-09 17:55:31 +00:00
parent 271dee824d
commit edebc77726
2 changed files with 37 additions and 4 deletions
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -4,7 +4,6 @@ module WPScan
  module Finders
    module DbExports
      # DB Exports finder
-      # See https://github.com/wpscanteam/wpscan-v3/issues/62
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

@@ -41,7 +40,7 @@ module WPScan
        # @return [ Hash ]
        def potential_urls(opts = {})
          urls        = {}
-          domain_name = target.uri.host[/(^[\w|-]+)/, 1]
+          domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]

          File.open(opts[:list]).each_with_index do |path, index|
            path.gsub!('{domain_name}', domain_name)
--- a/spec/app/finders/db_exports/known_locations_spec.rb
+++ b/spec/app/finders/db_exports/known_locations_spec.rb
@@ -9,7 +9,7 @@ describe WPScan::Finders::DbExports::KnownLocations do

  describe '#potential_urls' do
    before do
-      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
+      allow(target).to receive(:sub_dir).and_return(false)
    end

    it 'replace {domain_name} by its value' do
@@ -22,11 +22,45 @@ describe WPScan::Finders::DbExports::KnownLocations do
        http://ex.lo/aa/backups/db_backup.sql
      ]
    end
+
+    %w[dev poc www].each do |sub_domain|
+      context "when #{sub_domain} sub-domain" do
+        let(:url) { "https://#{sub_domain}.domain.tld" }
+
+        it 'replace {domain_name} by its correct value' do
+          expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql"
+        end
+      end
+    end
+
+    context 'when multi-level tlds' do
+      let(:url) { 'https://something.com.tr' }
+
+      it 'replace {domain_name} by its correct value' do
+        expect(finder.potential_urls(opts).keys).to include 'https://something.com.tr/something.sql'
+      end
+    end
+
+    context 'when multi-level tlds and sub-domain' do
+      let(:url) { 'https://dev.something.com.tr' }
+
+      it 'replace {domain_name} by its correct value' do
+        expect(finder.potential_urls(opts).keys).to include 'https://dev.something.com.tr/something.sql'
+      end
+    end
+
+    context 'when some weird stuff' do
+      let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }
+
+      it 'replace {domain_name} by its correct value' do
+        expect(finder.potential_urls(opts).keys).to include "#{url}/domain-test.sql"
+      end
+    end
  end

  describe '#aggressive' do
    before do
-      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
+      allow(target).to receive(:sub_dir).and_return(false)
      expect(target).to receive(:head_or_get_params).and_return(method: :head)

      finder.potential_urls(opts).each_key do |url|