Fixes #1319
This commit is contained in:
erwanlr
@@ -53,7 +53,15 @@ module WPScan
|
|||||||
|
|
||||||
# @return [ String ] The URL of the API listing the Users
|
# @return [ String ] The URL of the API listing the Users
|
||||||
def api_url
|
def api_url
|
||||||
@api_url ||= target.url('wp-json/wp/v2/users/')
|
return @api_url if @api_url
|
||||||
|
|
||||||
|
target.in_scope_urls(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |url, _tag|
|
||||||
|
uri = Addressable::URI.parse(url.strip)
|
||||||
|
|
||||||
|
return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
|
||||||
|
end
|
||||||
|
|
||||||
|
@api_url = target.url('wp-json/wp/v2/users/')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -5,7 +5,10 @@ describe WPScan::Finders::Users::WpJsonApi do
|
|||||||
let(:fixtures) { FINDERS_FIXTURES.join('users', 'wp_json_api') }
|
let(:fixtures) { FINDERS_FIXTURES.join('users', 'wp_json_api') }
|
||||||
|
|
||||||
describe '#aggressive' do
|
describe '#aggressive' do
|
||||||
before { allow(target).to receive(:sub_dir).and_return(false) }
|
before do
|
||||||
|
allow(target).to receive(:sub_dir).and_return(false)
|
||||||
|
allow(finder).to receive(:api_url).and_return(target.url('wp-json/wp/v2/users/'))
|
||||||
|
end
|
||||||
|
|
||||||
context 'when only one page of results' do
|
context 'when only one page of results' do
|
||||||
before do
|
before do
|
||||||
@@ -78,4 +81,54 @@ describe WPScan::Finders::Users::WpJsonApi do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#api_url' do
|
||||||
|
let(:fixtures) { super().join('api_url') }
|
||||||
|
|
||||||
|
context 'when url in the homepage' do
|
||||||
|
{
|
||||||
|
in_scope: 'https://wp.lab/wp-json/wp/v2/users/',
|
||||||
|
out_of_scope: 'http://wp.lab/wp-json/wp/v2/users/'
|
||||||
|
}.each do |fixture, expected|
|
||||||
|
it "returns #{expected} for #{fixture}.html" do
|
||||||
|
stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{fixture}.html")))
|
||||||
|
|
||||||
|
expect(finder.api_url).to eql expected
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when subdir' do
|
||||||
|
before { allow(target).to receive(:subdir).and_return('cms') }
|
||||||
|
|
||||||
|
{
|
||||||
|
in_scope_subdir: 'https://wp.lab/cms/wp-json/wp/v2/users/',
|
||||||
|
in_scope_subdir_ignored: 'https://wp.lab/wp-json/wp/v2/users/'
|
||||||
|
}.each do |fixture, expected|
|
||||||
|
it "returns #{expected} for #{fixture}.html" do
|
||||||
|
stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{fixture}.html")))
|
||||||
|
|
||||||
|
expect(finder.api_url).to eql expected
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when not in the homepage' do
|
||||||
|
before { stub_request(:get, target.url) }
|
||||||
|
|
||||||
|
its(:api_url) { should eql target.url('wp-json/wp/v2/users/') }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when api_url already found' do
|
||||||
|
before { allow(target).to receive(:sub_dir).and_return(false) }
|
||||||
|
|
||||||
|
it 'does not check the homepage again' do
|
||||||
|
url = target.url('wp-json/wp/v2/users/')
|
||||||
|
|
||||||
|
finder.instance_variable_set(:@api_url, url)
|
||||||
|
|
||||||
|
expect(finder.api_url).to eql url
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
1
spec/fixtures/finders/users/wp_json_api/api_url/in_scope.html
vendored
Normal file
1
spec/fixtures/finders/users/wp_json_api/api_url/in_scope.html
vendored
Normal file
@@ -0,0 +1 @@
|
|||||||
|
<link rel='https://api.w.org/' href='https://wp.lab/wp-json/' />
|
||||||
6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir.html
vendored
Normal file
6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir.html
vendored
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
<link rel='https://api.w.org/' href='https://wp.lab/cms/wp-json/' />
|
||||||
|
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://wp.lab/cms/xmlrpc.php?rsd" />
|
||||||
|
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://wp.lab/cms/wp-includes/wlwmanifest.xml" />
|
||||||
|
<link rel='shortlink' href='https://wp.lab/' />
|
||||||
|
<link rel="alternate" type="application/json+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F" />
|
||||||
|
<link rel="alternate" type="text/xml+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F&format=xml" />
|
||||||
6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir_ignored.html
vendored
Normal file
6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir_ignored.html
vendored
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
<link rel='https://api.w.org/' href='https://wp.lab/wp-json/' />
|
||||||
|
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://wp.lab/cms/xmlrpc.php?rsd" />
|
||||||
|
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://wp.lab/cms/wp-includes/wlwmanifest.xml" />
|
||||||
|
<link rel='shortlink' href='https://wp.lab/' />
|
||||||
|
<link rel="alternate" type="application/json+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F" />
|
||||||
|
<link rel="alternate" type="text/xml+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F&format=xml" />
|
||||||
1
spec/fixtures/finders/users/wp_json_api/api_url/out_of_scope.html
vendored
Normal file
1
spec/fixtures/finders/users/wp_json_api/api_url/out_of_scope.html
vendored
Normal file
@@ -0,0 +1 @@
|
|||||||
|
<link rel='https://api.w.org/' href='https://out-there.com/wp-json/' />
|
||||||
Reference in New Issue
Block a user