Module: WpTarget::WpConfigBackup

Included in:
WpTarget
Defined in:
lib/wpscan/wp_target/wp_config_backup.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.config_backup_files ⇒ Array

Returns:


# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 41

# File names under which a copy of wp-config.php may have been left behind
# next to the original. The suffixes look like editor and manual-copy
# leftovers (trailing "~", "#...#", ".swp"/".swo", ".save", ".bak", ".old",
# ".orig"). A server that only hands "*.php" to the interpreter will
# typically return such a file as plain text.
#
# The "#wp-config.php#" entry is a literal file name, not a comment.
#
# List credited to Feross.org.
#
# @return [Array<String>] a newly built list on every call
def self.config_backup_files
  [
    'wp-config.php~',
    '#wp-config.php#',
    'wp-config.php.save',
    '.wp-config.php.swp',
    'wp-config.php.swp',
    'wp-config.php.swo',
    'wp-config.php_bak',
    'wp-config.bak',
    'wp-config.php.bak',
    'wp-config.save',
    'wp-config.old',
    'wp-config.php.old',
    'wp-config.php.orig',
    'wp-config.orig',
    'wp-config.php.original',
    'wp-config.original',
    'wp-config.txt'
  ]
end

Instance Method Details

#config_backup ⇒ Array

Checks whether backup copies of wp-config.php exist on the target. See www.feross.org/cmsploit/

Returns:

  • (Array)

    Backup config files


# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 9

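# Probes the target for leftover copies of wp-config.php.
#
# Every name from WpConfigBackup.config_backup_files is resolved against @uri
# and requested through the shared Browser's hydra, with at most
# browser.max_threads requests queued per batch. A response counts as a hit
# when its body contains "define" (case-insensitive) and no "<html" tag.
#
# NOTE(review): the match is a body-only heuristic. The status code is not
# consulted, so a plain-text error page that mentions "define" is reported
# too. Treat the result as candidates to confirm. A confirmed hit means the
# file is readable by anyone who can reach the site: remove it from the web
# root and rotate whatever secrets it holds.
#
# @return [Array<String>] URLs of the candidate files that matched
def config_backup
  found   = []
  browser = Browser.instance
  hydra   = browser.hydra
  queued  = 0

  WpConfigBackup.config_backup_files.each do |file|
    # URI.escape was removed in Ruby 3.0. The default parser's #escape applies
    # the same percent-encoding, so "#wp-config.php#" is requested as a path
    # instead of being cut off as a fragment.
    file_url = @uri.merge(URI::DEFAULT_PARSER.escape(file)).to_s
    request  = browser.forge_request(file_url)

    request.on_complete do |response|
      # to_s keeps a response without a body from raising inside the callback.
      body = response.body.to_s
      found << file_url if body[/define/i] && !body[/<\s?html/i]
    end

    hydra.queue(request)
    queued += 1

    # Flush a full batch so no more than max_threads requests wait in the queue.
    next unless queued == browser.max_threads

    hydra.run
    queued = 0
  end

  # Run whatever is left over from the last, partial batch.
  hydra.run

  found
end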