wpscan 3.8.18 → 3.8.21

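--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e7fc9dea6d2aa00fc366bbe8f1cde8af5668597020b0f3762aba9c8bd0f4f720
- data.tar.gz: 5bd79cbef80eb57065cafab7bbf787f4d71de73052068ac37d6a407ca86b813c
+ metadata.gz: 22b6d832d1770e8cac645d0b6522acf74fb1ae7282ccd576c35dc0c2f34c91a7
+ data.tar.gz: 53154ef76c9489dee96220ef01069802158b4087183ff8b8136d580f7dd5437e
  SHA512:
- metadata.gz: d093d424143d40bc594dc8f5ef5e6b577bdb09e8e1aff5289da2f471a1b5b7bccdde600c91700300a940281763b6b74e0b6384a23220d928b9e1edef947dac21
- data.tar.gz: 4032d8268e1961adc1c767bf6857ba5ff46c929c3534955f56550af65aa6996c59e3a2ec17f2c95f8c1af6efbc992122c5cc4f6ee3c012b978e4a5a5c9446e28
+ metadata.gz: c0da7e059312f7480b35df4311d2297facb1c557244d4a8bdb5270e01c35e6807c4b3c5192b174089ba770921e2231fac440da6783568e0708f8ab58a720ceb7
+ data.tar.gz: b7b8aa218b77d7f0857bf085d91a944578fbdc88d5fa7e58a59bb674b6a65f847d6e6b73b4cb4afbbc9cdc0ab90805db89bde234abf8208b92f0e97ef8aa72b8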
@@ -13,7 +13,7 @@ module WPScan
13
13
 
14
14
  return unless [200, 302].include?(res.code)
15
15
  return if res.code == 302 && location&.include?('wp-login.php?action=register')
16
- return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
16
+ return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))
17
17
 
18
18
  target.multisite = true
19
19
 
@@ -59,13 +59,13 @@ module WPScan
59
59
  #
60
60
  # @return [ String, nil ] The best version number detected from the changelog section
61
61
  def from_changelog_section(body)
62
- extracted_versions = body.scan(%r{=+\s+(?:v(?:ersion)?\s*)?([0-9.-]+)[ \ta-z0-9().\-/]*=+}i)
62
+ extracted_versions = body.scan(/^=+\s+(?:v(?:ersion)?\s*)?([0-9.-]+)[^=]*=+$/i)
63
63
 
64
64
  return if extracted_versions.nil? || extracted_versions.empty?
65
65
 
66
66
  extracted_versions.flatten!
67
67
  # must contain at least one number
68
- extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
68
+ extracted_versions = extracted_versions.grep(/[0-9]+/)
69
69
 
70
70
  sorted = extracted_versions.sort do |x, y|
71
71
  Gem::Version.new(x) <=> Gem::Version.new(y)
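Review bot: The new trailer class `[^=]*` in the `body.scan` pattern also matches newlines, and `^`/`$` are per-line anchors in Ruby, so a heading that opens with `= 1.2` on one line can now be closed by an `=` at the end of a later line. The old class `[ \ta-z0-9().\-/]*` could not cross a line break. The readme body presumably comes from the scanned site, so keeping the trailer on one line with `[^=\n]*` avoids reading a version out of unrelated text. The `sort` block continues past the end of this hunk, so it is not visible here whether `Gem::Version.new` is rescued for malformed captures such as `1..2`.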
@@ -30,7 +30,7 @@ module WPScan
30
30
  def vulnerabilities
31
31
  vulns = []
32
32
 
33
- vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
33
+ vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
34
34
  vulns << rce_132_vuln if version == false || version < '1.33'
35
35
 
36
36
  vulns
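Review bot: With the added parentheses, `webshot_enabled?` gates `rce_webshot_vuln` only when a version was detected; when `version == false` the webshot finding is reported without checking whether webshot is enabled. If that conservative reporting is intended, a comment such as `# version unknown: report without the webshot check` would record it. If it is not, `(version == false || (version > '1.35' && version < '2.8.14')) && webshot_enabled?` applies the check in both cases. The comparisons against string literals rely on `version` having a version-aware `<`/`>`, which is defined outside this hunk.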
@@ -24,7 +24,13 @@ module WPScan
24
24
 
25
25
  FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
26
26
 
27
- raise "#{repo_directory} is not writable" unless repo_directory.writable?
27
+ # When --no-update is passed, return to avoid raising an error if the directory is not writable
28
+ # Mainly there for Homebrew: https://github.com/wpscanteam/wpscan/pull/1455
29
+ return if ParsedCli.update == false
30
+
31
+ unless repo_directory.writable?
32
+ raise "#{repo_directory} is not writable (uid: #{Process.uid}, gid: #{Process.gid})"
33
+ end
28
34
 
29
35
  delete_old_files
30
36
  end
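Review bot: The early `return if ParsedCli.update == false` sits after `FileUtils.mkdir_p`, so when the directory is missing on a read-only install the --no-update path can still fail in `mkdir_p` before the guard is reached. The return also skips `delete_old_files`, which looks intended but is not stated in the added comment. If the directory is not needed when updates are disabled, moving the guard above the `mkdir_p` line would cover both cases. The method starts outside this hunk, so this should be checked against the rest of it.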
@@ -129,7 +135,7 @@ module WPScan
129
135
  res = Typhoeus.get(file_url, request_params)
130
136
  raise Error::Download, res if res.timed_out? || res.code != 200
131
137
 
132
- File.open(file_path, 'wb') { |f| f.write(res.body) }
138
+ File.binwrite(file_path, res.body)
133
139
 
134
140
  local_file_checksum(filename)
135
141
  end
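Review bot: `File.binwrite(file_path, res.body)` writes the download straight over the final path before `local_file_checksum(filename)` is computed, so an interrupted write or a body that later fails verification leaves a bad database file in place unless the caller restores a backup (not visible in this hunk). Writing to a temporary name in the same directory and renaming it once the checksum has been accepted would keep the previous file intact, e.g. `File.binwrite("#{file_path}.tmp", res.body)` followed by `File.rename("#{file_path}.tmp", file_path)`. That would need the checksum comparison, which happens outside this hunk, to run against the temporary file. The method begins above the hunk.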
@@ -5,16 +5,16 @@ module WPScan
5
5
  class PluginsThresholdReached < Standard
6
6
  def to_s
7
7
  "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
8
- 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
9
- 'option to ignore the bad responses.'
8
+ 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
9
+ 'option to ignore the bad responses.'
10
10
  end
11
11
  end
12
12
 
13
13
  class ThemesThresholdReached < Standard
14
14
  def to_s
15
15
  "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
16
- 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
17
- 'option to ignore the bad responses.'
16
+ 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
17
+ 'option to ignore the bad responses.'
18
18
  end
19
19
  end
20
20
  end
@@ -26,7 +26,7 @@ module WPScan
26
26
  class WpContentDirNotDetected < Standard
27
27
  def to_s
28
28
  'Unable to identify the wp-content dir, please supply it with --wp-content-dir,' \
29
- ' use the --scope option or make sure the --url value given is the correct one'
29
+ ' use the --scope option or make sure the --url value given is the correct one'
30
30
  end
31
31
  end
32
32
 
@@ -56,7 +56,9 @@ module WPScan
56
56
 
57
57
  homepage_result = find(target.homepage_res, opts)
58
58
 
59
- return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
59
+ unless homepage_result.nil? || (homepage_result.is_a?(Array) && homepage_result&.empty?)
60
+ return homepage_result
61
+ end
60
62
 
61
63
  find(target.error_404_res, opts)
62
64
  end
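Review bot: In the rewritten guard, `homepage_result&.empty?` uses safe navigation on a value that `homepage_result.is_a?(Array)` has already shown to be non-nil, so the `&.` is redundant; `homepage_result.is_a?(Array) && homepage_result.empty?` says the same thing. A short comment above the `unless`, for example `# fall back to the 404 page when the homepage yields nothing`, would also explain why the method continues with `find(target.error_404_res, opts)`. The method starts outside this hunk.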
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.18'
5
+ VERSION = '3.8.21'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.18
4
+ version: 3.8.21
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-08 00:00:00.000000000 Z
11
+ date: 2022-02-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.5
19
+ version: 0.13.7
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.5
26
+ version: 0.13.7
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.10.0
75
+ version: 3.11.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.10.0
82
+ version: 3.11.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec-its
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.16.0
103
+ version: 1.25.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.16.0
110
+ version: 1.25.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.11.0
117
+ version: 1.13.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.11.0
124
+ version: 1.13.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.13.0
173
+ version: 3.14.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.13.0
180
+ version: 3.14.0
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com