# File lib/wpscan/wp_plugin.rb, line 20 def initialize(options = {}) if options[:vulns_file].nil? or options[:vulns_file] == '' options[:vulns_file] = PLUGINS_VULNS_FILE end options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability" options[:vulns_xpath_2] = '//plugin' options[:type] = 'plugins' super(options) end
Discover any error_log files created by WordPress These are created by the WordPress error_log() function They are normally found in the /plugins/ directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714/
# File lib/wpscan/wp_plugin.rb, line 37 def error_log? response_body = Browser.instance.get(error_log_url(), headers: {'range' => 'bytes=0-700'}).body response_body[%r{PHP Fatal error}] ? true : false end
# File lib/wpscan/wp_plugin.rb, line 42 def error_log_url get_full_url.merge('error_log').to_s end