![[+]](./images/find.png "show/hide quicksearch"){kind=small}
Will use all method self.find_from_* to try to detect the version Once the version is found, it will return a WpVersion object The method_name will be without ‘find_from_’ and ‘_’ will be replace by ‘ ’ (IE ‘meta generator’, ‘rss generator’ etc) If the version is not found, nil is returned
The order in which the find_from_* methods are is important, they will be called in the same order (find_from_meta_generator, find_from_rss_generator etc)
# File lib/wpscan/wp_version.rb, line 39 def self.find(target_uri) self.methods.grep(/find_from_/).each do |method_to_call| version = self.send(method_to_call, target_uri) if version return new(version, :discovery_method => method_to_call[%{find_from_(.*)}, 1].gsub('_', ' ')) end end nil end
# File lib/wpscan/wp_version.rb, line 25 def initialize(number, options = {}) @number = number @discovery_method = options[:discovery_method] @vulns_xml = options[:vulns_xml] || DATA_DIR + '/wp_vulns.xml' @vulns_xpath = "//wordpress[@version='#{@number}']/vulnerability" end
Uses data/wp_versions.xml to try to identify a wordpress version.
It does this by using client side file hashing with a scoring system.
The scoring system is a number representing the uniqueness of a client side file across all versions of wordpress.
Example:
Score - Hash - File - Versions
1 - 3e63c08553696a1dedb24b22ef6783c3 - /wp-content/themes/twentyeleven/style.css - 3.2.1 2 - 15fc925fd39bb496871e842b2a754c76 - /wp-includes/js/wp-lists.js - 2.6,2.5.1 3 - 3f03bce84d1d2a169b4bf4d8a0126e38 - /wp-includes/js/autosave.js - 2.9.2,2.9.1,2.9 /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
# File lib/wpscan/wp_version.rb, line 88 def self.find_from_advanced_fingerprinting(target_uri) xml = Nokogiri::XML(File.open(DATA_DIR + '/wp_versions.xml')) do |config| config.noblanks end xml.xpath("//file").each do |node| file_url = target_uri.merge(node.attribute('src').text).to_s response = Browser.instance.get(file_url) md5sum = Digest::MD5.hexdigest(response.body) node.search('hash').each do |hash| if hash.attribute('md5').text == md5sum return hash.search('versions').text end end end nil # Otherwise the data['file'] is returned (issue #107) end
Attempts to find the wordpress version from, the generator meta tag in the html source.
The meta tag can be removed however it seems, that it is reinstated on upgrade.
# File lib/wpscan/wp_version.rb, line 57 def self.find_from_meta_generator(target_uri) response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2) response.body[%{name="generator" content="wordpress ([^"]+)"}, 1] end
# File lib/wpscan/wp_version.rb, line 107 def self.find_from_readme(target_uri) Browser.instance.get(target_uri.merge("readme.html").to_s).body[%{<br />\sversion #{WpVersion.version_pattern}}, 1] end
# File lib/wpscan/wp_version.rb, line 63 def self.find_from_rss_generator(target_uri) response = Browser.instance.get(target_uri.merge("feed/").to_s, :follow_location => true, :max_redirects => 2) response.body[%{<generator>http://wordpress.org/\?v=([^<]+)</generator>}, 1] end
code.google.com/p/wpscan/issues/detail?id=109
# File lib/wpscan/wp_version.rb, line 112 def self.find_from_sitemap_generator(target_uri) Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%{generator="wordpress/#{WpVersion.version_pattern}"}, 1] end
Generated with the Darkfish Rdoc Generator 2.