22 lines
576 B
Ruby
22 lines
576 B
Ruby
# frozen_string_literal: true
|
|
|
|
module WPScan
|
|
module Finders
|
|
module InterestingFindings
|
|
# See https://github.com/wpscanteam/wpscan/issues/1593
|
|
class PHPDisabled < CMSScanner::Finders::Finder
|
|
PATTERN = /\$wp_version =/.freeze
|
|
|
|
# @return [ InterestingFinding ]
|
|
def aggressive(_opts = {})
|
|
path = 'wp-includes/version.php'
|
|
|
|
return unless PATTERN.match?(target.head_and_get(path).body)
|
|
|
|
Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|