
WpTimthumbs

Public Class Methods

timthumbs_file(timthumbs_file_path = nil)
# File lib/wpscan/modules/wp_timthumbs.rb, line 88
# Path of the timthumbs wordlist to scan with.
#
# timthumbs_file_path - optional explicit path; when omitted (or nil) the
#                       bundled DATA_DIR/timthumbs.txt is used.
#
# Returns a String path.
def self.timthumbs_file(timthumbs_file_path = nil)
  return timthumbs_file_path if timthumbs_file_path

  "#{DATA_DIR}/timthumbs.txt"
end

Public Instance Methods

has_timthumbs?(options = {})
# File lib/wpscan/modules/wp_timthumbs.rb, line 24
# True when at least one timthumb URL was found on the target.
#
# options - forwarded unchanged to #timthumbs.
#
# Returns true or false.
def has_timthumbs?(options = {})
  timthumbs(options).size > 0
end
timthumbs(options = {})

Available options:

:theme_name
:timthumbs_file
:show_progress_bar - default false

Returns an array of strings (the URLs of the timthumbs found); it can be empty.

# File lib/wpscan/modules/wp_timthumbs.rb, line 34
# Scan the target for reachable timthumb.php files.
#
# options - :theme_name        extra theme-relative paths to try
#           :timthumbs_file    wordlist path (see WpTimthumbs.timthumbs_file)
#           :show_progress_bar print a progress line (default false)
#
# The result is memoised in @wp_timthumbs: the requests are sent once per
# instance and later calls return the first result whatever their options.
#
# Returns an Array of String URLs, possibly empty.
def timthumbs(options = {})
  return @wp_timthumbs unless @wp_timthumbs.nil?

  browser       = Browser.instance
  hydra         = browser.hydra
  targets_url   = timthumbs_targets_url(options)
  total         = targets_url.size
  progress_bar  = options[:show_progress_bar] || false
  found         = []
  forged_count  = 0 # requests forged so far; read by the completion callbacks below
  pending_count = 0 # requests queued since the last hydra.run

  targets_url.each do |target_url|
    request = browser.forge_request(target_url, :cache_timeout => 0)
    forged_count += 1

    request.on_complete do |response|
      if progress_bar
        print "\rChecking for #{total} total timthumb files... #{(forged_count * 100) / total}% complete."
      end

      # the body text the check expects from a reachable timthumb.php
      found << target_url if response.body =~ /no image specified/
    end

    hydra.queue(request)
    pending_count += 1

    # flush the queue each time a full batch of concurrent requests is waiting
    if pending_count == browser.max_threads
      hydra.run
      pending_count = 0
    end
  end

  # run whatever is left over from the last, possibly partial, batch
  hydra.run

  @wp_timthumbs = found
end
timthumbs_targets_url(options = {})

Available options:

:theme_name
:timthumbs_file

Returns an array of strings.

# File lib/wpscan/modules/wp_timthumbs.rb, line 78
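# Build the list of candidate timthumb URLs to request.
#
# options - :theme_name     when given, theme-relative candidates are added
#                           via targets_url_from_theme
#           :timthumbs_file wordlist path; nil selects the bundled list
#                           (see WpTimthumbs.timthumbs_file)
#
# Each non-blank wordlist line is resolved against @uri with URI#merge, so a
# line is expected to be a path relative to the scanned site; a line that is
# itself an absolute URL would point the request at that other host, so the
# wordlist is trusted input. Blank lines are skipped: merging "" would yield
# the site root as a bogus candidate.
#
# Returns an Array of unique String URLs in random order.
# Raises Errno::ENOENT (or similar) when the wordlist cannot be read.
def timthumbs_targets_url(options = {})
  targets        = options[:theme_name] ? targets_url_from_theme(options[:theme_name]) : []
  timthumbs_file = WpTimthumbs.timthumbs_file(options[:timthumbs_file])

  File.readlines(timthumbs_file).each do |line|
    path = line.strip
    targets << @uri.merge(path).to_s unless path.empty?
  end

  # randomize the array to *maybe* help in some crappy IDS/IPS/WAF evasion
  targets.uniq.shuffle
end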

Protected Instance Methods

targets_url_from_theme(theme_name)
# File lib/wpscan/modules/wp_timthumbs.rb, line 93
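# Candidate timthumb locations inside one theme directory.
#
# theme_name - the theme's directory name under wp-content/themes; it is
#              percent-escaped before being placed in the path.
#
# URI::DEFAULT_PARSER.escape is what URI.escape delegated to, and unlike
# URI.escape it still exists on Ruby 3.x (URI.escape was removed in 3.0).
#
# Returns an Array of String URLs, one per known timthumb path, resolved
# against @uri.
def targets_url_from_theme(theme_name)
  escaped_theme = URI::DEFAULT_PARSER.escape(theme_name)

  [
    'timthumb.php', 'lib/timthumb.php', 'inc/timthumb.php', 'includes/timthumb.php',
    'scripts/timthumb.php', 'tools/timthumb.php', 'functions/timthumb.php'
  ].map do |file|
    @uri.merge("wp-content/themes/#{escaped_theme}/#{file}").to_s
  end
end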

