Class: WPScan::Finders::InterestingFindings::MuPlugins
- Inherits:
-
CMSScanner::Finders::Finder
- Object
- CMSScanner::Finders::Finder
- WPScan::Finders::InterestingFindings::MuPlugins
- Defined in:
- app/finders/interesting_findings/mu_plugins.rb
Overview
Must Use Plugins Directory checker
Instance Method Summary collapse
Instance Method Details
#aggressive(_opts = {}) ⇒ InterestingFinding
# File 'app/finders/interesting_findings/mu_plugins.rb', line 31

# Requests the mu-plugins directory directly and reports it when the response
# suggests the directory is there. Unlike #passive, this sends a request to the
# target.
#
# @param _opts [Hash] accepted but not read
# @return [InterestingFinding, nil] a Model::MuPlugins finding, or nil when the
#   status code is not 200/401/403 or target.homepage_or_404? matches the response
def aggressive(_opts = {})
  url = target.url('wp-content/mu-plugins/')
  response = Browser.get_and_follow_location(url)

  # 401 and 403 are accepted next to 200 - presumably because a directory that
  # refuses access is still present (confirm against the project's intent).
  status_accepted = [200, 401, 403].include?(response.code)

  # homepage_or_404? is only consulted for an accepted status; judging by its
  # name it filters out responses that are really the homepage or a 404 page.
  return unless status_accepted && !target.homepage_or_404?(response)

  target.mu_plugins = true

  details = {
    confidence: 80,
    found_by: DIRECT_ACCESS,
    to_s: "This site has 'Must Use Plugins': #{url}",
    references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
  }

  Model::MuPlugins.new(url, **details)
end
#passive(_opts = {}) ⇒ InterestingFinding
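# File 'app/finders/interesting_findings/mu_plugins.rb', line 9

# Checks the URIs that target.in_scope_uris yields for target.homepage_res and
# reports the Must Use Plugins directory as soon as one path contains
# "<content_dir>/mu-plugins/" (case-insensitive).
#
# @param _opts [Hash] accepted but not read
# @return [InterestingFinding, nil] a Model::MuPlugins finding for the first
#   matching URI, or nil when no yielded URI matches
def passive(_opts = {})
  # content_dir is a directory name, not a regexp fragment. Escaping keeps
  # characters such as '.' or '(' literal, so an unusual directory name can
  # neither widen the match nor raise RegexpError while the pattern is built.
  # to_s keeps a nil content_dir behaving like plain interpolation (empty string).
  content_dir = Regexp.escape(target.content_dir.to_s)
  pattern = %r{#{content_dir}/mu-plugins/}i

  target.in_scope_uris(target.homepage_res) do |uri|
    # A URI without a path cannot match; &. skips it instead of raising.
    next unless uri.path&.match?(pattern)

    url = target.url('wp-content/mu-plugins/')

    target.mu_plugins = true

    # return leaves the whole method, so only the first match is reported.
    return Model::MuPlugins.new(
      url,
      confidence: 70,
      found_by: 'URLs In Homepage (Passive Detection)',
      to_s: "This site has 'Must Use Plugins': #{url}",
      references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
    )
  end

  nil
end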