# frozen_string_literal: true module WPScan module Finders module InterestingFindings # See https://github.com/wpscanteam/wpscan/issues/1593 class PHPDisabled < CMSScanner::Finders::Finder PATTERN = /\$wp_version =/.freeze # @return [ InterestingFinding ] def aggressive(_opts = {}) path = 'wp-includes/version.php' return unless PATTERN.match?(target.head_and_get(path).body) Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS) end end end end end