Class: WPScan::Finders::Users::YoastSeoAuthorSitemap
- Inherits: CMSScanner::Finders::Finder
  - Object
  - CMSScanner::Finders::Finder
  - WPScan::Finders::Users::YoastSeoAuthorSitemap
- Defined in: app/finders/users/yoast_seo_author_sitemap.rb
Overview
The YOAST SEO plugin has an author-sitemap.xml which can leak usernames. See github.com/wpscanteam/wpscan/issues/1228
Instance Method Summary
- #aggressive(_opts = {}) ⇒ Array<User>
- #sitemap_url ⇒ String: The URL of the author-sitemap.
Instance Method Details
#aggressive(_opts = {}) ⇒ Array<User>
# File 'app/finders/users/yoast_seo_author_sitemap.rb', line 12
def aggressive(_opts = {})
  found = []

  # Each <loc> in the author sitemap is an author archive URL (/author/<username>/)
  Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
    username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]

    # Skip <loc> entries that carry no author slug
    next unless username && !username.strip.empty?

    found << Model::User.new(username,
                             found_by: found_by,
                             confidence: 100,
                             interesting_entries: [sitemap_url])
  end

  found
end
#sitemap_url ⇒ String
Returns: The URL of the author-sitemap.
# File 'app/finders/users/yoast_seo_author_sitemap.rb', line 30
def sitemap_url
  # Memoized; resolved relative to the target's base URL
  @sitemap_url ||= target.url('author-sitemap.xml')
end
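For a site owner checking their own exposure, the following added example (not part of WPScan) applies the same `/author/<slug>/` pattern as `#aggressive` to a sitemap body and reports which account logins it reveals. The helper names `author_slugs` and `audit`, the sample sitemap and the login list are all constructed for illustration, and it assumes author slugs still match logins, which is the WordPress default.

```ruby
# Added example: audit which account logins an author sitemap exposes.
# The sitemap body and login list below are constructed sample data.

# Same pattern the finder applies to the text of each <loc> element.
AUTHOR_SLUG = %r{/author/([^/]+)/}.freeze

# Returns the unique author slugs found in the <loc> elements of a sitemap body.
# A plain regex scan is used instead of an XML parser to stay dependency-free.
def author_slugs(sitemap_xml)
  sitemap_xml.scan(%r{<loc>\s*(.*?)\s*</loc>}m).flatten.filter_map do |loc|
    slug = loc[AUTHOR_SLUG, 1]
    next if slug.nil? || slug.strip.empty? # not an author archive URL

    slug.downcase
  end.uniq
end

# Splits the exposed slugs into those that equal a real login and the rest.
def audit(sitemap_xml, logins)
  known = logins.map(&:downcase)
  slugs = author_slugs(sitemap_xml)
  { exposed_logins: slugs & known, other_slugs: slugs - known }
end

SAMPLE_SITEMAP = <<~XML
  <?xml version="1.0" encoding="UTF-8"?>
  <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
    <url><loc>https://blog.example.test/author/admin/</loc></url>
    <url><loc>https://blog.example.test/author/j.doe/</loc></url>
    <url><loc>https://blog.example.test/author/admin/</loc></url>
    <url><loc>https://blog.example.test/author/guest-writer/</loc></url>
    <url><loc>https://blog.example.test/about/</loc></url>
  </urlset>
XML

SAMPLE_LOGINS = %w[admin j.doe editor].freeze

if __FILE__ == $PROGRAM_NAME
  result = audit(SAMPLE_SITEMAP, SAMPLE_LOGINS)
  puts "Logins exposed by the sitemap: #{result[:exposed_logins].join(', ')}"
  puts "Slugs that are not logins:     #{result[:other_slugs].join(', ')}"
end
```

Any login listed under `exposed_logins` is a candidate for a changed author slug or for disabling author archives, so that the sitemap no longer reveals it.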