module WPScan
  module Finders
    module InterestingFindings
      # Full Path Disclosure finder.
      #
      # Reports the full path disclosure entries the target returns for a
      # fixed WordPress core file. Full path disclosure generally stems from
      # PHP error output being shown to visitors, so the usual remediation for
      # a finding is to disable error display on production hosts.
      class FullPathDisclosure < CMSScanner::Finders::Finder
        # Aggressive check: asks the target for the disclosure entries of the
        # probed file and wraps them in a finding.
        #
        # @param _opts [Hash] accepted for interface compatibility; not read here
        # @return [WPScan::FullPathDisclosure, nil] the finding, or nil when the
        #   target reported no entries
        def aggressive(_opts = {})
          probed_file = 'wp-includes/rss-functions.php'
          disclosed = target.full_path_disclosure_entries(probed_file)

          # Nothing disclosed: fall through and return nil, no finding is built.
          unless disclosed.empty?
            WPScan::FullPathDisclosure.new(
              target.url(probed_file),
              confidence: 100,
              found_by: DIRECT_ACCESS,
              interesting_entries: disclosed,
              references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
            )
          end
        end
      end
    end
  end
end