WpPlugin

Public Class Methods

new(options = {})
# File lib/wpscan/wp_plugin.rb, line 24
def initialize(options = {})
  @base_url       = options[:url]
  @path           = options[:path]
  @wp_content_dir = options[:wp_content_dir]
  @name           = options[:name] || extract_name_from_url(get_url)
  @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
  @vulns_xpath    = "//plugin[@name='#@name']/vulnerability"
  @version        = nil

  raise("base_url not set") unless @base_url
  raise("path not set") unless @path
  raise("wp_content_dir not set") unless @wp_content_dir
  raise("name not set") unless @name
  raise("vulns_xml not set") unless @vulns_xml
end

Public Instance Methods

error_log?()

Discovers any error_log files created by WordPress. These are created by the WordPress error_log() function. They are normally found in the /plugins/ directory, but can also be found in a plugin's own directory. See www.exploit-db.com/ghdb/3714/

# File lib/wpscan/wp_plugin.rb, line 45
def error_log?
  response_body = Browser.instance.get(error_log_url(), :headers => { "range" => "bytes=0-700"}).body
  response_body[%{PHP Fatal error}] ? true : false
end

error_log_url()
# File lib/wpscan/wp_plugin.rb, line 50
def error_log_url
  get_url.merge("error_log").to_s
end
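
A defender-side counterpart to error_log?, as an added example that is not WPScan code: it walks a local wp-content directory for error_log files and records whether the "PHP Fatal error" marker falls inside the bytes 0-700 that error_log? requests. The function names, hash keys and sample tree are assumptions constructed for illustration.

```ruby
require 'find'
require 'fileutils'
require 'pathname'
require 'tmpdir'

MARKER     = 'PHP Fatal error' # string error_log? looks for
PROBE_SIZE = 701               # bytes 0-700, the range error_log? requests

# Walk <wp_content_dir>/plugins and report every file named "error_log".
# Returns an array of hashes sorted by path relative to wp_content_dir.
def find_exposed_error_logs(wp_content_dir)
  plugins_dir = File.join(wp_content_dir, 'plugins')
  return [] unless File.directory?(plugins_dir)
  base = Pathname.new(wp_content_dir)
  hits = []
  Find.find(plugins_dir) do |path|
    next unless File.file?(path) && File.basename(path) == 'error_log'
    head = File.open(path, 'rb') { |f| f.read(PROBE_SIZE) } || ''
    hits << {
      path:            Pathname.new(path).relative_path_from(base).to_s,
      size:            File.size(path),
      marker_in_probe: head.include?(MARKER) # false does not mean "safe"
    }
  end
  hits.sort_by { |h| h[:path] }
end

# Constructed sample tree (not real data): a log in plugins/, a log inside a
# plugin directory whose fatal error lies past byte 700, and a clean plugin.
def build_sample_tree(root)
  fatal = "[constructed] PHP Fatal error:  Uncaught Error in main.php:12\n"
  {
    'plugins/error_log'                => fatal,
    'plugins/example-plugin/error_log' => ("PHP Warning:  constructed line\n" * 40) + fatal,
    'plugins/clean-plugin/readme.txt'  => "nothing here\n"
  }.each do |rel, body|
    full = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(full))
    File.write(full, body)
  end
  root
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    find_exposed_error_logs(build_sample_tree(root)).each { |h| puts h.inspect }
  end
end
```

Every file returned is worth removing or blocking at the web server, including those where marker_in_probe is false: the second sample log is just as readable over HTTP, but its fatal error sits beyond the probed range.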
