app/finders/plugins/known_locations.rb in wpscan-3.4.5 vs app/finders/plugins/known_locations.rb in wpscan-3.5.0
- old
+ new
@@ -1,25 +1,28 @@
+# frozen_string_literal: true
+
module WPScan
module Finders
module Plugins
# Known Locations Plugins Finder
class KnownLocations < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator
+ # @return [ Array<Integer> ]
+ def valid_response_codes
+ @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
+ end
+
# @param [ Hash ] opts
# @option opts [ String ] :list
#
# @return [ Array<Plugin> ]
def aggressive(opts = {})
found = []
- enumerate(target_urls(opts), opts) do |res, slug|
- # TODO: follow the location (from enumerate()) and remove the 301 here ?
- # As a result, it might remove false positive due to redirection to the homepage
- next unless [200, 401, 403, 301].include?(res.code)
-
- found << WPScan::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+ enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
+ found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
end
found
end
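Review bot: The accepted status codes are written out twice as literals, `[200, 401, 403, 301, 500]` in `valid_response_codes` and `[200, 401, 403, 500]` in the `check_full_response` option inside `aggressive`, with nothing saying why they differ by 301 or why 500 is now accepted. The removed TODO recorded that a 301 may be a redirect to the homepage and therefore a false positive; 301 stays in the list but the caveat is gone, and a server that answers 500 for arbitrary paths would presumably be reported at `confidence: 80` as well. I would derive the second list from the first, `check_full_response: valid_response_codes - [301]`, and add above the method a comment such as `# 301 and 500 can be generic server answers (e.g. a redirect to the homepage), so hits on them may be false positives`. How `enumerate` uses the two lists is not visible in this hunk, so confirm the intent against CMSScanner.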
@@ -28,13 +31,12 @@
#
# @return [ Hash ]
def target_urls(opts = {})
slugs = opts[:list] || DB::Plugins.vulnerable_slugs
urls = {}
- plugins_url = target.plugins_url
slugs.each do |slug|
- urls["#{plugins_url}#{URI.encode(slug)}/"] = slug
+ urls[target.plugin_url(slug)] = slug
end
urls
end
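Review bot: The escaping that `URI.encode(slug)` performed in the removed line now rests entirely on `target.plugin_url(slug)`, which is defined outside this hunk. Because `slugs` can come from the caller-supplied `opts[:list]`, it is worth confirming (and covering with a spec) that `plugin_url` percent-encodes the slug and keeps the trailing slash, otherwise a slug containing `/`, `?` or `#` would probe a different path than the one reported. The `@return [ Hash ]` tag could also state the shape, e.g. `# @return [ Hash ] plugin URL => slug`.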