wpscan 3.8.0 → 3.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/app/models/timthumb.rb +6 -6
- data/app/views/cli/vulnerability.erb +3 -0
- data/app/views/json/finding.erb +3 -0
- data/lib/wpscan/references.rb +1 -1
- data/lib/wpscan/version.rb +1 -1
- data/lib/wpscan/vulnerability.rb +4 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f45c3ef9c7678acbc8608e823e3bd251dad461cde0b524fc57aa68447790f302
|
|
4
|
+
data.tar.gz: 4d3946d3dabbbb94f3eccf83956d31545155071588bc5aafb5f5aea452257172
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0adff2352b84b2f791c2b71fa63ec95d03ff3244baa86f04de0fc469193099708065fce65c09a54891edd61ef71d647d711e7627835c5d480ce3f97fe1a8339e
|
|
7
|
+
data.tar.gz: 677af33b40cbdab1435d65780c4ee89eed0757bdc9981a002572bb0478391eade2eca9706c6288b9083c7b2ff6db0857495914cbde0960b09b5a937438ea24c1
|
data/README.md
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
<h3 align="center">WPScan</h3>
|
|
8
8
|
|
|
9
9
|
<p align="center">
|
|
10
|
-
WordPress
|
|
10
|
+
WordPress Security Scanner
|
|
11
11
|
<br>
|
|
12
12
|
<br>
|
|
13
|
-
<a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
|
|
13
|
+
<a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
|
|
14
14
|
</p>
|
|
15
15
|
|
|
16
16
|
<p align="center">
|
data/app/models/timthumb.rb
CHANGED
|
@@ -40,9 +40,9 @@ module WPScan
|
|
|
40
40
|
def rce_132_vuln
|
|
41
41
|
Vulnerability.new(
|
|
42
42
|
'Timthumb <= 1.32 Remote Code Execution',
|
|
43
|
-
{ exploitdb: ['17602'] },
|
|
44
|
-
'RCE',
|
|
45
|
-
'1.33'
|
|
43
|
+
references: { exploitdb: ['17602'] },
|
|
44
|
+
type: 'RCE',
|
|
45
|
+
fixed_in: '1.33'
|
|
46
46
|
)
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -50,12 +50,12 @@ module WPScan
|
|
|
50
50
|
def rce_webshot_vuln
|
|
51
51
|
Vulnerability.new(
|
|
52
52
|
'Timthumb <= 2.8.13 WebShot Remote Code Execution',
|
|
53
|
-
{
|
|
53
|
+
references: {
|
|
54
54
|
url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
|
|
55
55
|
cve: '2014-4663'
|
|
56
56
|
},
|
|
57
|
-
'RCE',
|
|
58
|
-
'2.8.14'
|
|
57
|
+
type: 'RCE',
|
|
58
|
+
fixed_in: '2.8.14'
|
|
59
59
|
)
|
|
60
60
|
end
|
|
61
61
|
|
data/app/views/json/finding.erb
CHANGED
|
@@ -19,6 +19,9 @@
|
|
|
19
19
|
<% vulns.each_with_index do |v, index| -%>
|
|
20
20
|
{
|
|
21
21
|
"title": <%= v.title.to_json %>,
|
|
22
|
+
<% if v.cvss -%>
|
|
23
|
+
"cvss": <%= v.cvss.to_json %>,
|
|
24
|
+
<% end -%>
|
|
22
25
|
"fixed_in": <%= v.fixed_in.to_json %>,
|
|
23
26
|
"references": <%= v.references.to_json %>
|
|
24
27
|
}<% unless index == last_index -%>,<% end -%>
|
data/lib/wpscan/references.rb
CHANGED
data/lib/wpscan/version.rb
CHANGED
data/lib/wpscan/vulnerability.rb
CHANGED
|
@@ -18,9 +18,10 @@ module WPScan
|
|
|
18
18
|
|
|
19
19
|
new(
|
|
20
20
|
json_data['title'],
|
|
21
|
-
references,
|
|
22
|
-
json_data['vuln_type'],
|
|
23
|
-
json_data['fixed_in']
|
|
21
|
+
references: references,
|
|
22
|
+
type: json_data['vuln_type'],
|
|
23
|
+
fixed_in: json_data['fixed_in'],
|
|
24
|
+
cvss: json_data['cvss']&.symbolize_keys
|
|
24
25
|
)
|
|
25
26
|
end
|
|
26
27
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-04-
|
|
11
|
+
date: 2020-04-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.10.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.10.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|