Contents

# frozen_string_literal: true

module WPScan
  module Finders
    module DynamicFinder
      module Version
        # Version finder using QueryParameter method
        class QueryParameter < Finders::DynamicFinder::Version::Finder
          # @return [ Hash ]
          def self.child_class_constants
            @child_class_constants ||= super().merge(
              XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
            )
          end

          # @param [ Typhoeus::Response ] response
          # @param [ Hash ] opts
          # @return [ Array<Version>, nil ]
          def find(response, _opts = {})
            found = []

            scan_response(response).each do |version_number, occurences|
              found << create_version(
                version_number,
                confidence: self.class::CONFIDENCE_PER_OCCURENCE * occurences.size,
                interesting_entries: occurences
              )
            end

            found.compact
          end

          # @param [ Typhoeus::Response ] response
          # @return [ Hash ]
          def scan_response(response)
            found = {}

            target.in_scope_uris(response, xpath) do |uri|
              next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)

              version = Regexp.last_match[:v].to_s

              found[version] ||= []
              found[version] << uri.to_s
            end

            found
          end

          # @return [ String ]
          def xpath
            @xpath ||= self.class::XPATH || '//link[@href]/@href|//script[@src]/@src'
          end

          # @return [ Regexp ]
          def path_pattern
            @path_pattern ||= %r{/(?:#{self.class::FILES.join('|')})\z}i
          end
        end
      end
    end
  end
end

Version data entries

20 entries across 20 versions & 1 rubygems

Version	Path
wpscan-3.8.2	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.8.1	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.8.0	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.11	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.10	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.9	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.8	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.7	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.6	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.5	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.4	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.3	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.2	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.1	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.7.0	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.6.3	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.6.2	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.6.1	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.6.0	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
wpscan-3.5.5	lib/wpscan/finders/dynamic_finder/version/query_parameter.rb