garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes 1426

Browse Source
This commit is contained in:
erwanlr
2019-11-09 17:55:31 +00:00
parent 271dee824d
commit edebc77726
2 changed files with 37 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/finders/db_exports/known_locations.rb
View File

@@ -4,7 +4,6 @@ module WPScan
module Finders module Finders
module DbExports module DbExports
# DB Exports finder # DB Exports finder
# See https://github.com/wpscanteam/wpscan-v3/issues/62
class KnownLocations < CMSScanner::Finders::Finder class KnownLocations < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator include CMSScanner::Finders::Finder::Enumerator
@@ -41,7 +40,7 @@ module WPScan
# @return [ Hash ] # @return [ Hash ]
def potential_urls(opts = {}) def potential_urls(opts = {})
urls = {} urls = {}
domain_name = target.uri.host[/(^[\w|-]+)/, 1] domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
File.open(opts[:list]).each_with_index do |path, index| File.open(opts[:list]).each_with_index do |path, index|
path.gsub!('{domain_name}', domain_name) path.gsub!('{domain_name}', domain_name)

38
spec/app/finders/db_exports/known_locations_spec.rb
View File

@@ -9,7 +9,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
describe '#potential_urls' do describe '#potential_urls' do
before do before do
expect(target).to receive(:sub_dir).at_least(1).and_return(false) allow(target).to receive(:sub_dir).and_return(false)
end end
it 'replace {domain_name} by its value' do it 'replace {domain_name} by its value' do
@@ -22,11 +22,45 @@ describe WPScan::Finders::DbExports::KnownLocations do
http://ex.lo/aa/backups/db_backup.sql http://ex.lo/aa/backups/db_backup.sql
] ]
end end
%w[dev poc www].each do |sub_domain|
context "when #{sub_domain} sub-domain" do
let(:url) { "https://#{sub_domain}.domain.tld" }
it 'replace {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include "#{url}/domain.sql"
end
end
end
context 'when multi-level tlds' do
let(:url) { 'https://something.com.tr' }
it 'replace {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include 'https://something.com.tr/something.sql'
end
end
context 'when multi-level tlds and sub-domain' do
let(:url) { 'https://dev.something.com.tr' }
it 'replace {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include 'https://dev.something.com.tr/something.sql'
end
end
context 'when some weird stuff' do
let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }
it 'replace {domain_name} by its correct value' do
expect(finder.potential_urls(opts).keys).to include "#{url}/domain-test.sql"
end
end
end end
describe '#aggressive' do describe '#aggressive' do
before do before do
expect(target).to receive(:sub_dir).at_least(1).and_return(false) allow(target).to receive(:sub_dir).and_return(false)
expect(target).to receive(:head_or_get_params).and_return(method: :head) expect(target).to receive(:head_or_get_params).and_return(method: :head)
finder.potential_urls(opts).each_key do |url| finder.potential_urls(opts).each_key do |url|