Class: WPScan::Timthumb
- Inherits: InterestingFinding
  - Object
  - CMSScanner::InterestingFinding
  - InterestingFinding
  - WPScan::Timthumb
- Includes: Vulnerable
- Defined in: app/models/timthumb.rb
Overview
Timthumb
Instance Attribute Summary
- #version_detection_opts ⇒ Object (readonly)
  Returns the value of attribute version_detection_opts.
Instance Method Summary
- #default_allowed_domains ⇒ Array<String>
  The default allowed domains (between versions 2.0 and 2.8.13).
- #initialize(url, opts = {}) ⇒ Timthumb (constructor)
  A new instance of Timthumb.
- #rce_132_vuln ⇒ Vulnerability
  The RCE in versions <= 1.32.
- #rce_webshot_vuln ⇒ Vulnerability
  The RCE due to WebShot in versions > 1.35 (or >= 2.0) and <= 2.8.13.
- #version(opts = {}) ⇒ WPScan::Version, false
- #vulnerabilities ⇒ Array<Vulnerability>
- #webshot_enabled? ⇒ Boolean
Methods included from Vulnerable
Methods included from References
#references_urls, #wpvulndb_ids, #wpvulndb_url, #wpvulndb_urls
Constructor Details
#initialize(url, opts = {}) ⇒ Timthumb
Returns a new instance of Timthumb.
    # File 'app/models/timthumb.rb', line 11
    def initialize(url, opts = {})
      super(url, opts)
      @version_detection_opts = opts[:version_detection] || {}
    end
Instance Attribute Details
#version_detection_opts ⇒ Object (readonly)
Returns the value of attribute version_detection_opts.
    # File 'app/models/timthumb.rb', line 6
    def version_detection_opts
      @version_detection_opts
    end
Instance Method Details
#default_allowed_domains ⇒ Array<String>
Returns the default allowed domains (between versions 2.0 and 2.8.13).
    # File 'app/models/timthumb.rb', line 67
    def default_allowed_domains
      %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
    end
#rce_132_vuln ⇒ Vulnerability
Returns the RCE in versions <= 1.32.
    # File 'app/models/timthumb.rb', line 37
    def rce_132_vuln
      Vulnerability.new(
        'Timthumb <= 1.32 Remote Code Execution',
        { exploitdb: ['17602'] },
        'RCE',
        '1.33'
      )
    end
#rce_webshot_vuln ⇒ Vulnerability
Returns the RCE due to WebShot in versions > 1.35 (or >= 2.0) and <= 2.8.13.
    # File 'app/models/timthumb.rb', line 47
    def rce_webshot_vuln
      Vulnerability.new(
        'Timthumb <= 2.8.13 WebShot Remote Code Execution',
        {
          url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
          cve: '2014-4663'
        },
        'RCE',
        '2.8.14'
      )
    end
#version(opts = {}) ⇒ WPScan::Version, false
    # File 'app/models/timthumb.rb', line 20
    def version(opts = {})
      @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?

      @version
    end
#vulnerabilities ⇒ Array<Vulnerability>
    # File 'app/models/timthumb.rb', line 27
    def vulnerabilities
      vulns = []

      # && binds tighter than ||: when version == false (not detected), both
      # findings are added and webshot_enabled? is never called.
      vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
      vulns << rce_132_vuln if version == false || version < '1.33'

      vulns
    end
#webshot_enabled? ⇒ Boolean
    # File 'app/models/timthumb.rb', line 60
    def webshot_enabled?
      res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })

      # A body containing 'WEBSHOT_ENABLED == true' is treated as WebShot being
      # disabled; any other response counts as enabled.
      res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
    end
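The version conditions in #vulnerabilities, modelled as a stand-alone added example (not WPScan's own code) to help read scan output: it returns which findings a given version produces and how many times the WebShot probe would be sent. Assumptions: timthumb_findings and its probe argument are hypothetical names, Gem::Version stands in for WPScan::Version's comparison operators (not shown on this page), and the sample versions are constructed.

```ruby
require 'rubygems' # Gem::Version: assumed stand-in for WPScan::Version comparisons

# Thresholds as they appear in #vulnerabilities on this page.
WEBSHOT_ABOVE = Gem::Version.new('1.35')
WEBSHOT_BELOW = Gem::Version.new('2.8.14')
RCE_132_BELOW = Gem::Version.new('1.33')

# Hypothetical helper mirroring the two conditions in #vulnerabilities.
# version:       a version String, or false when detection failed
# webshot_probe: callable standing in for #webshot_enabled? (no HTTP here)
# Returns [findings, number_of_probe_calls].
def timthumb_findings(version, webshot_probe)
  calls = 0
  probe = lambda do
    calls += 1
    webshot_probe.call
  end
  v = version && Gem::Version.new(version)
  findings = []
  # Same operator order as the original: an unknown version short-circuits,
  # so the finding is reported without the probe ever running.
  findings << :rce_webshot if version == false || v > WEBSHOT_ABOVE && v < WEBSHOT_BELOW && probe.call
  findings << :rce_132 if version == false || v < RCE_132_BELOW
  [findings, calls]
end

# Constructed sample inputs: [version, WebShot enabled?]
SAMPLES = [[false, true], ['1.32', true], ['1.33', true], ['2.8.13', true],
           ['2.8.13', false], ['2.8.14', true], ['2.10', true]].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |version, enabled|
    findings, calls = timthumb_findings(version, -> { enabled })
    puts format('%-8s webshot=%-5s probes=%d => %s', version.inspect, enabled, calls, findings.inspect)
  end
end
```

With an undetected version both findings are listed and no probe is sent, so they indicate "could not rule out" rather than a confirmed issue. The constructed '2.10' input yields no finding here, whereas a plain String comparison would place it below '2.8.14'.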