Sha256: 96ec45d31e09f0fc6d722527a493d49a66c9bd8f6066acc08671e920460aad0d
Contents?: true
Size: 1.82 KB
Versions: 2
Compression:
Stored size: 1.82 KB
Contents
# frozen_string_literal: true
module WPScan
module Finders
module DynamicFinder
module Version
# Version finder using QueryParameter method
class QueryParameter < WPScan::Finders::DynamicFinder::Version::Finder
# @return [ Hash ]
def self.child_class_constants
@child_class_constants ||= super().merge(
XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
)
end
# @param [ Typhoeus::Response ] response
# @param [ Hash ] opts
# @return [ Array<Version>, nil ]
def find(response, _opts = {})
found = []
scan_response(response).each do |version_number, occurences|
found << create_version(
version_number,
confidence: self.class::CONFIDENCE_PER_OCCURENCE * occurences.size,
interesting_entries: occurences
)
end
found.compact
end
# @param [ Typhoeus::Response ] response
# @return [ Hash ]
def scan_response(response)
found = {}
target.in_scope_uris(response, xpath) do |uri|
next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)
version = Regexp.last_match[:v].to_s
found[version] ||= []
found[version] << uri.to_s
end
found
end
# @return [ String ]
def xpath
@xpath ||= self.class::XPATH || '//link[@href]/@href|//script[@src]/@src'
end
# @return [ Regexp ]
def path_pattern
@path_pattern ||= %r{/(?:#{self.class::FILES.join('|')})\z}i
end
end
end
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| wpscan-3.5.4 | lib/wpscan/finders/dynamic_finder/version/query_parameter.rb |
| wpscan-3.5.3 | lib/wpscan/finders/dynamic_finder/version/query_parameter.rb |