Class: WPScan::Finders::InterestingFindings::EmergencyPwdResetScript
- Inherits:
-
CMSScanner::Finders::Finder
- Object
- CMSScanner::Finders::Finder
- WPScan::Finders::InterestingFindings::EmergencyPwdResetScript
- Defined in:
- app/finders/interesting_findings/emergency_pwd_reset_script.rb
Overview
Emergency Password Reset Script finder
Instance Method Summary collapse
Instance Method Details
#aggressive(_opts = {}) ⇒ InterestingFinding
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# File 'app/finders/interesting_findings/emergency_pwd_reset_script.rb', line 7 def aggressive(_opts = {}) url = target.url('/emergency.php') res = Browser.get(url) return unless res.code == 200 && !target.homepage_or_404?(res) WPScan::InterestingFinding.new( url, confidence: res.body =~ /password/i ? 100 : 40, found_by: DIRECT_ACCESS, references: { url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script' } ) end |