Class: WPScan::Finders::Timthumbs::KnownLocations

Inherits:
CMSScanner::Finders::Finder
  • Object
show all
Includes:
CMSScanner::Finders::Finder::Enumerator
Defined in:
app/finders/timthumbs/known_locations.rb

Overview

Known Locations Timthumbs Finder

Instance Method Summary collapse

Instance Method Details

#aggressive(opts = {}) ⇒ Array<Timthumb>

Parameters:

  • opts (Hash) (defaults to: {})

Options Hash (opts):

  • :list (String)

    Mandatory

Returns:



12
13
14
15
16
17
18
19
20
21
22
 
# File 'app/finders/timthumbs/known_locations.rb', line 12

def aggressive(opts = {})
  found = []

  enumerate(target_urls(opts), opts) do |res|
    next unless res.code == 400 && res.body =~ /no image specified/i

    found << WPScan::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
  end

  found
end

#create_progress_bar(opts = {}) ⇒ Object 



50
51
52
 
# File 'app/finders/timthumbs/known_locations.rb', line 50

def create_progress_bar(opts = {})
  super(opts.merge(title: ' Checking Known Locations -'))
end

#main_theme_timthumbs_pathsObject 



45
46
47
48
 
# File 'app/finders/timthumbs/known_locations.rb', line 45

def main_theme_timthumbs_paths
  %w[timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
     scripts/timthumb.php tools/timthumb.php functions/timthumb.php]
end

#target_urls(opts = {}) ⇒ Hash

Parameters:

  • opts (Hash) (defaults to: {})

Options Hash (opts):

  • :list (String)

    Mandatory

Returns:

  • (Hash) 


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'app/finders/timthumbs/known_locations.rb', line 28

def target_urls(opts = {})
  urls = {}

  File.open(opts[:list]).each_with_index do |path, index|
    urls[target.url(path.chomp)] = index
  end

  # Add potential timthumbs located in the main theme
  if target.main_theme
    main_theme_timthumbs_paths.each do |path|
      urls[target.main_theme.url(path)] = 1 # index not important there
    end
  end

  urls
end