WpConfigBackup

Public Class Methods

config_backup_files()

@return Array

# File lib/wpscan/modules/wp_config_backup.rb, line 49
def self.config_backup_files
  [
    'wp-config.php~', '#wp-config.php#', 'wp-config.php.save',
    'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak',
    'wp-config.bak', 'wp-config.php.bak', 'wp-config.save'
  ] # thanks to Feross.org for these
end

Public Instance Methods

config_backup()

Checks whether a backup copy of wp-config.php exists on the target. See www.feross.org/cmsploit/. Returns an array of the URLs of the backup config files found.

# File lib/wpscan/modules/wp_config_backup.rb, line 24
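def config_backup
  found      = []
  backups    = WpConfigBackup.config_backup_files
  browser    = Browser.instance
  hydra      = browser.hydra

  backups.each do |file|
    # URI.escape percent-encodes the '#' in '#wp-config.php#'
    # (URI.escape was removed in Ruby 3.0)
    file_url = @uri.merge(URI.escape(file)).to_s
    request  = browser.forge_request(file_url)

    request.on_complete do |response|
      # A served config contains PHP define(...) calls; an HTML body is an
      # error or landing page, not the file itself
      if response.body[%r{define}] and not response.body[%r{<\s?html}]
        found << file_url
      end
    end

    # Requests are queued and sent in parallel by hydra.run
    hydra.queue(request)
  end

  hydra.run

  found
end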
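
An added example, not WPScan code: the same file name list and content heuristic applied from the defender's side, walking a document root on disk to find leftover copies of wp-config.php before a web server can serve them as plain text. `BACKUP_NAMES`, `audit_config_backups` and the sample path are names assumed for this example.

```ruby
require 'find'

# Same file name list as WpConfigBackup.config_backup_files.
BACKUP_NAMES = [
  'wp-config.php~', '#wp-config.php#', 'wp-config.php.save',
  'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak',
  'wp-config.bak', 'wp-config.php.bak', 'wp-config.save'
].freeze

# Hypothetical helper, not part of WPScan: walk a document root on disk and
# list leftover copies of wp-config.php whose names are on the list above.
def audit_config_backups(docroot)
  findings = []
  Find.find(docroot) do |path|
    next unless File.file?(path) && BACKUP_NAMES.include?(File.basename(path))

    # Read at most 64 KiB. Vim swap files are binary, so scrub invalid
    # bytes before running the regexes.
    head = (File.binread(path, 65_536) || +'').force_encoding('UTF-8').scrub
    findings << {
      path: path,
      # Same content heuristic as config_backup: "define" present, no HTML.
      looks_like_config: head.match?(/define/) && !head.match?(/<\s?html/),
      # Readable by "other", which usually includes the web server account.
      world_readable: (File.stat(path).mode & 0o004) != 0
    }
  end
  findings.sort_by { |f| f[:path] }
end

# Command-line use: ruby audit.rb /var/www/html  (path is an example)
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  audit_config_backups(ARGV[0]).each do |f|
    puts format('%-50s config=%-5s world_readable=%s',
                f[:path], f[:looks_like_config], f[:world_readable])
  end
end
```

Any file reported with `looks_like_config` true should be removed from the document root or moved outside it, and the credentials it contains rotated if the file was reachable over HTTP.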
