Adds wp-cron.php detection - Fixes #1299

2019-03-10 07:53:12 +00:00
parent 26c6be7268
commit fee3671e32
4 changed files with 66 additions and 1 deletions
--- a/app/finders/interesting_findings/wp_cron.rb
+++ b/app/finders/interesting_findings/wp_cron.rb
@@ -0,0 +1,31 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # wp-cron.php finder
+      class WPCron < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          res = Browser.get(wp_cron_url)
+
+          return unless res.code == 200
+
+          WPScan::WPCron.new(
+            wp_cron_url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            references: {
+              url: [
+                'https://www.iplocation.net/defend-wordpress-from-ddos',
+                'https://github.com/wpscanteam/wpscan/issues/1299'
+              ]
+            }
+          )
+        end
+
+        def wp_cron_url
+          @wp_cron_url ||= target.url('wp-cron.php')
+        end
+      end
+    end
+  end
+end