# File lib/wpscan/wp_plugin.rb, line 20 def initialize(options = {}) options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability" options[:vulns_xpath_2] = "//plugin" options[:type] = "plugins" super(options) end
Discover any error_log files created by WordPress These are created by the WordPress error_log() function They are normally found in the /plugins/ directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714/
# File lib/wpscan/wp_plugin.rb, line 34 def error_log? response_body = Browser.instance.get(error_log_url(), :headers => {"range" => "bytes=0-700"}).body response_body[%r{PHP Fatal error}] ? true : false end
# File lib/wpscan/wp_plugin.rb, line 39 def error_log_url get_full_url.merge("error_log").to_s end