
WpTimthumbs

Public Instance Methods

has_timthumbs?(theme_name, options = {}) click to toggle source
# File lib/wpscan/modules/wp_timthumbs.rb, line 24
# Tells whether the timthumb enumeration produced at least one entry.
#
# @param theme_name [String] forwarded unchanged to #timthumbs
# @param options [Hash] forwarded unchanged to #timthumbs
# @return [Boolean] true when #timthumbs returns a non-empty collection
def has_timthumbs?(theme_name, options = {})
  found = timthumbs(theme_name, options)
  found.empty? ? false : true
end
timthumbs(theme_name = nil, options = {}) click to toggle source
# File lib/wpscan/modules/wp_timthumbs.rb, line 28
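# Enumerates timthumb files and memoises the result in @wp_timthumbs.
#
# @param theme_name [String, nil] when given, the theme's candidate timthumb
#   locations (from #targets_url_from_theme) are passed to the enumerator as
#   custom items; when nil, no custom items are passed
# @param options [Hash] base enumeration options; the caller's hash is left
#   untouched
# @return whatever WpEnumerator.enumerate returned on the first call
def timthumbs(theme_name = nil, options = {})
  # NOTE(review): the cache is not keyed by theme_name or options, so a later
  # call with different arguments gets the first call's result. For a scanner
  # that can mean a silently incomplete report - confirm callers only ever use
  # one argument set per instance.
  return @wp_timthumbs unless @wp_timthumbs.nil?

  # Build a private copy instead of writing into the caller's hash, so a hash
  # reused for other enumerations does not have its :type, :file or
  # :only_vulnerable_ones overwritten.
  enum_options = options.merge(
    :type                 => "timthumbs",
    :only_vulnerable_ones => false,
    :file                 => DATA_DIR + "/timthumbs.txt",
    # Placeholder values; presumably only present so that
    # WpOptions.check_options accepts the hash - TODO confirm.
    :vulns_file           => "xxx",
    :vulns_xpath          => "xxx",
    :vulns_xpath_2        => "xxx"
  )

  WpOptions.check_options(enum_options)
  custom_items = theme_name.nil? ? nil : targets_url_from_theme(theme_name, enum_options)
  @wp_timthumbs = WpEnumerator.enumerate(enum_options, custom_items)
end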

Protected Instance Methods

targets_url_from_theme(theme_name, options) click to toggle source
# File lib/wpscan/modules/wp_timthumbs.rb, line 49
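# Builds the candidate timthumb locations inside one theme directory.
#
# @param theme_name [String] theme directory name; percent-escaped before it
#   is placed in the path
# @param options [Hash] :url, :wp_content_dir and :name are copied into every
#   target
# @return [Array<Hash>] one target per known timthumb file name, each with
#   :url, :path, :wp_content_dir and :name keys
def targets_url_from_theme(theme_name, options)
  # URI.escape was removed in Ruby 3.0. Use it where it still exists and fall
  # back to the default parser's escape, which applies the same escaping.
  escaped_theme =
    if URI.respond_to?(:escape)
      URI.escape(theme_name)
    else
      URI::DEFAULT_PARSER.escape(theme_name)
    end

  # NOTE(review): this escaping leaves "/" and "." as they are, so a theme
  # name containing "../" would produce a path outside themes/<name>/. If
  # theme_name is taken from the scanned site's markup (not visible here),
  # validate it before building request paths.
  [
    'timthumb.php', 'lib/timthumb.php', 'inc/timthumb.php', 'includes/timthumb.php',
    'scripts/timthumb.php', 'tools/timthumb.php', 'functions/timthumb.php'
  ].map do |file|
    {
      :url            => options[:url],
      :path           => "themes/#{escaped_theme}/#{file}",
      :wp_content_dir => options[:wp_content_dir],
      :name           => options[:name]
    }
  end
end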
