RubygemsResearch

Sha256: 4ef195653cc785f01d6b680536a562484e4645c30b1dc5ba19e172056524623d

Contents?: true

Size: 668 Bytes

Versions: 30

Compression:

Stored size: 668 Bytes

# frozen_string_literal: true

module WPScan
  module Finders
    module InterestingFindings
      # UploadSQLDump finder
      class UploadSQLDump < CMSScanner::Finders::Finder
        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze

        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          path = 'wp-content/uploads/dump.sql'
          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })

          return unless SQL_PATTERN.match?(res.body)

          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
  end
end

Version data entries

30 entries across 30 versions & 1 rubygems

Version	Path
wpscan-3.8.28	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.27	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.26	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.25	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.24	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.22	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.21	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.20	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.19	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.18	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.17	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.16	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.15	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.14	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.13	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.12	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.11	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.10	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.9	app/finders/interesting_findings/upload_sql_dump.rb
wpscan-3.8.8	app/finders/interesting_findings/upload_sql_dump.rb