garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bugfixing and rspec tests

Browse Source
This commit is contained in:
Christian Mehlmauer
2012-09-24 18:07:22 +02:00
parent 7056d4ecd7
commit fe1191a51e
6 changed files with 66 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/wpscan/wp_target.rb
View File

@@ -132,7 +132,7 @@ class WpTarget
def search_replace_db_2_exists? def search_replace_db_2_exists?
resp = Browser.instance.get(search_replace_db_2_url) resp = Browser.instance.get(search_replace_db_2_url)
resp.status == 200 && resp.body[%r{by interconnect}i] resp.code == 200 && resp.body[%r{by interconnect}i]
end end
# Should check wp-login.php if registration is enabled or not # Should check wp-login.php if registration is enabled or not

4
lib/wpscan/wp_version.rb
View File

@@ -124,12 +124,12 @@ class WpVersion < Vulnerable
# http://code.google.com/p/wpscan/issues/detail?id=109 # http://code.google.com/p/wpscan/issues/detail?id=109
def self.find_from_sitemap_generator(options) def self.find_from_sitemap_generator(options)
target_uri = options[:base_url] target_uri = options[:base_url]
Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1] Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1]
end end
def self.find_from_links_opml(options) def self.find_from_links_opml(options)
target_uri = options[:base_url] target_uri = options[:base_url]
Browser.instance.get(target_uri.merge("wp-links-opml.php").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1] Browser.instance.get(target_uri.merge("wp-links-opml.php").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1]
end end
# Used to check if the version is correct : must contain at least one . # Used to check if the version is correct : must contain at least one .

9
spec/fixtures/wpscan/wp_version/opml/wp-links-opml-nogenerator.xml vendored Normal file
View File

@@ -0,0 +1,9 @@
<?xml version="1.0"?>
<opml version="1.0">
<head>
<title>Title</title>
<dateCreated>Mon, 24 Sep 2012 15:58:41 GMT</dateCreated>
</head>
<body>
</body>
</opml>

10
spec/fixtures/wpscan/wp_version/opml/wp-links-opml.xml vendored Normal file
View File

@@ -0,0 +1,10 @@
<?xml version="1.0"?>
<opml version="1.0">
<head>
<title>Title</title>
<dateCreated>Mon, 24 Sep 2012 15:58:41 GMT</dateCreated>
<!-- generator="WordPress/3.4.2" -->
</head>
<body>
</body>
</opml>

23
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -221,4 +221,27 @@ describe WpTarget do
@expected = true @expected = true
end end
end end
describe "#search_replace_db_2_url" do
it "should return the correct url" do
@wp_target.search_replace_db_2_url.should == "http://example.localhost/searchreplacedb2.php"
end
end
describe "#search_replace_db_2_exists?" do
it "should return true" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 200, :body => "asdf by interconnect asdf")
@wp_target.search_replace_db_2_exists?.should be_true
end
it "should return false" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500)
@wp_target.search_replace_db_2_exists?.should be_false
end
it "should return false" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500, :body => "asdf by interconnect asdf")
@wp_target.search_replace_db_2_exists?.should be_false
end
end
end end

22
spec/lib/wpscan/wp_version_spec.rb
View File

@@ -139,7 +139,7 @@ describe WpVersion do
end end
describe "#find_from_advanced_fingerprinting" do describe "#find_from_advanced_fingerprinting" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' } let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" }
it "should return 3.2.1" do it "should return 3.2.1" do
stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s, stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
@@ -152,6 +152,26 @@ describe WpVersion do
end end
end end
describe "#find_from_links_opml" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" }
it "should return 3.4.2" do
stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/wp-links-opml.xml")
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version.should == "3.4.2"
end
it "should return nil" do
stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml")
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version.should be_nil
end
end
describe "#initialize" do describe "#initialize" do
it "should initialize a WpVersion object" do it "should initialize a WpVersion object" do
v = WpVersion.new(1, {:discovery_method => "method", :vulns_file => "asdf.xml"}) v = WpVersion.new(1, {:discovery_method => "method", :vulns_file => "asdf.xml"})