Class: WPScan::Finders::Users::OembedApi

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Users::OembedApi

Defined in:

app/finders/users/oembed_api.rb

Overview

Since WP 4.4, the oembed API can disclose a user github.com/wpscanteam/wpscan/issues/1049

Instance Method Summary

• #aggressive(_opts = {}) ⇒ Array<User>

  TODO: make this code pretty :x.

• #api_url ⇒ String

  The URL of the API listing the Users.

• #passive(_opts = {}) ⇒ Array<User>

Instance Method Details

#aggressive(_opts = {}) ⇒ Array<User>

TODO: make this code pretty :x

Parameters:

• opts (Hash)

Returns:

• (Array<User>)

# File 'app/finders/users/oembed_api.rb', line 20

def aggressive(_opts = {})
  found        = []
  found_by_msg = 'Oembed API - %s (Aggressive Detection)'

  oembed_data = JSON.parse(Browser.get(api_url).body)

  if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
    details = [Regexp.last_match[1], 'Author URL', 90]
  elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
    details = [oembed_data['author_name'].delete(' '), 'Author Name', 70]
  end

  return unless details

  found << WPScan::User.new(details[0],
                            found_by: format(found_by_msg, details[1]),
                            confidence: details[2],
                            interesting_entries: [api_url])
rescue JSON::ParserError
  found
end

#api_url ⇒ String

Returns The URL of the API listing the Users.

Returns:

• (String) —

  The URL of the API listing the Users

# File 'app/finders/users/oembed_api.rb', line 43

def api_url
  @api_url ||= target.url("wp-json/oembed/1.0/embed?url=#{target.url}&format=json")
end

#passive(_opts = {}) ⇒ Array<User>

Parameters:

• opts (Hash)

Returns:

• (Array<User>)

# File 'app/finders/users/oembed_api.rb', line 10

def passive(_opts = {})
  # TODO: get the api_url from the Homepage and query it if present,
  # then discard the aggressive check if same/similar URL
end