lib/wpscan/target/platform/wordpress/custom_directories.rb in wpscan-3.7.8 vs lib/wpscan/target/platform/wordpress/custom_directories.rb in wpscan-3.7.9
- old
+ new
@@ -103,12 +103,13 @@
def sub_dir
return @sub_dir unless @sub_dir.nil?
# url_pattern is from CMSScanner::Target
pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
+ xpath = '(//@src|//@href|//@data-src)[contains(., "xmlrpc.php") or contains(., "wp-includes/")]'
[homepage_res, error_404_res].each do |page_res|
- in_scope_uris(page_res) do |uri|
+ in_scope_uris(page_res, xpath) do |uri|
return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
end
end
@sub_dir = false
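Review bot: The added `xpath` pre-filter is case-sensitive, while `pattern` two lines above is compiled with the `i` flag. An attribute such as `/blog/WP-Includes/js/x.js` would match the regex but is now dropped before `uri.to_s.match(pattern)` sees it, so `sub_dir` can fall through to `false` on hosts that serve paths case-insensitively. Assuming `in_scope_uris` evaluates this as XPath 1.0 (its body is not in the hunk), `contains()` has no case-insensitive mode, so the value would need lowering in both calls, e.g. `contains(translate(., "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz"), "wp-includes/")`. Alternatively, drop the `i` flag so the two filters agree, and add a comment such as `# xpath only narrows candidates; pattern does the real match`. The method's closing `end` lies outside the hunk.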