From ef7ac1d77b86966a9e26776b7a52c9d4bf803919 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Thu, 7 Aug 2014 22:01:23 +0200
Subject: [PATCH] Fix #626
---
 lib/wpscan/wp_target.rb | 2 ++
 lib/wpscan/wp_target/wp_custom_directories.rb | 2 +-
 lib/wpscan/wp_target/wp_must_use_plugins.rb | 26 +++++++++++++++++++
 wpscan.rb | 4 +++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 lib/wpscan/wp_target/wp_must_use_plugins.rb
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index 67999b8c..17a0b9cb 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -5,6 +5,7 @@ require 'wp_target/malwares'
 require 'wp_target/wp_readme'
 require 'wp_target/wp_registrable'
 require 'wp_target/wp_config_backup'
+require 'wp_target/wp_must_use_plugins'
 require 'wp_target/wp_login_protection'
 require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'
@@ -14,6 +15,7 @@ class WpTarget < WebSite
 include WpTarget::WpReadme
 include WpTarget::WpRegistrable
 include WpTarget::WpConfigBackup
+ include WpTarget::WpMustUsePlugins
 include WpTarget::WpLoginProtection
 include WpTarget::WpCustomDirectories
 include WpTarget::WpFullPathDisclosure
diff --git a/lib/wpscan/wp_target/wp_custom_directories.rb b/lib/wpscan/wp_target/wp_custom_directories.rb
index 1e60791a..c724abd2 100644
--- a/lib/wpscan/wp_target/wp_custom_directories.rb
+++ b/lib/wpscan/wp_target/wp_custom_directories.rb
@@ -23,7 +23,7 @@ class WpTarget < WebSite
 # @return [ Boolean ]
 def default_wp_content_dir_exists?
 response = Browser.get(@uri.merge('wp-content').to_s)
- hash = Digest::MD5.hexdigest(response.body)
+ hash = WebSite.page_hash(response.body)
 if WpTarget.valid_response_codes.include?(response.code)
 return true if hash != error_404_hash and hash != homepage_hash
diff --git a/lib/wpscan/wp_target/wp_must_use_plugins.rb b/lib/wpscan/wp_target/wp_must_use_plugins.rb
new file mode 100644
index 00000000..9f9f5a9b
--- /dev/null
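Review bot: In lib/wpscan/wp_target/wp_custom_directories.rb, `default_wp_content_dir_exists?` still calls `WebSite.page_hash(response.body)` before the status-code check and without a nil guard, while the `has_must_use_plugins?` method added in this same commit tests `response &&` first and hashes only inside the `if`. If `Browser.get` can return nil, which the new guard suggests but this diff does not show, this line raises NoMethodError instead of returning false. Consider moving the assignment inside the existing `if` and writing the condition as `if response && WpTarget.valid_response_codes.include?(response.code)`. The method body continues past the end of the hunk, so check that `hash` is not used later outside that branch.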
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+ module WpMustUsePlugins
+
+ # Checks to see if the must use plugin folder exists
+ #
+ # @return [ Boolean ]
+ def has_must_use_plugins?
+ response = Browser.get(must_use_url)
+
+ if response && WpTarget.valid_response_codes.include?(response.code)
+ hash = WebSite.page_hash(response.body)
+ return true if hash != error_404_hash && hash != homepage_hash
+ end
+
+ false
+ end
+
+ # @return [ String ] The must use plugins directory URL
+ def must_use_url
+ @uri.merge("#{wp_content_dir}/mu-plugins/").to_s
+ end
+
+ end
+end
diff --git a/wpscan.rb b/wpscan.rb
index 6cfdb84c..760c39ab 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -171,6 +171,10 @@ def main
 puts "#{green('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)"
 end
+ if wp_target.has_must_use_plugins?
+ puts "#{green('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)"
+ end
+
+ if wp_target.registration_enabled?
 puts "#{amber('[+]')} Registration is enabled: #{wp_target.registration_url}"
 end
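Review bot: `has_must_use_plugins?` in lib/wpscan/wp_target/wp_must_use_plugins.rb returns true for any response with an accepted status whose body hash differs from the 404 page and the homepage, so an access-denied or WAF block page, or a soft-404 with per-request content, would be reported as an existing mu-plugins directory. `WpTarget.valid_response_codes` and `WebSite.page_hash` are defined outside this diff, so how often that happens cannot be judged from here. The doc comment should state what is actually established, e.g. `# Heuristic: true when the mu-plugins URL answers with an accepted status and a body unlike the 404 page and the homepage; it does not list plugins.` `must_use_url` also interpolates `wp_content_dir` directly, so if that can be nil the request goes to `/mu-plugins/` at the site root; a guard such as `return false unless wp_content_dir` at the top of `has_must_use_plugins?` would avoid a misleading result. The diffstat shows no spec file for the new module.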
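Review bot: The new message in wpscan.rb states as fact that "This site has must use plugins", but the check behind it only compares a response code and page hashes for one URL, and the multisite line just above it is worded "seems to be". Using the same hedged wording and printing the checked URL, as the registration line below does, lets the reader verify the finding: `puts "#{green('[+]')} This site seems to have must use plugins: #{wp_target.must_use_url} (http://codex.wordpress.org/Must_Use_Plugins)"`. `main` starts and ends outside this hunk.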