wpscan 3.8.0 → 3.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/app/models/timthumb.rb +6 -6
- data/app/views/cli/vulnerability.erb +3 -0
- data/app/views/json/finding.erb +3 -0
- data/lib/wpscan/references.rb +1 -1
- data/lib/wpscan/version.rb +1 -1
- data/lib/wpscan/vulnerability.rb +4 -3
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f45c3ef9c7678acbc8608e823e3bd251dad461cde0b524fc57aa68447790f302
|
|
4
|
+
data.tar.gz: 4d3946d3dabbbb94f3eccf83956d31545155071588bc5aafb5f5aea452257172
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0adff2352b84b2f791c2b71fa63ec95d03ff3244baa86f04de0fc469193099708065fce65c09a54891edd61ef71d647d711e7627835c5d480ce3f97fe1a8339e
|
|
7
|
+
data.tar.gz: 677af33b40cbdab1435d65780c4ee89eed0757bdc9981a002572bb0478391eade2eca9706c6288b9083c7b2ff6db0857495914cbde0960b09b5a937438ea24c1
|
data/README.md
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
<h3 align="center">WPScan</h3>
|
|
8
8
|
|
|
9
9
|
<p align="center">
|
|
10
|
-
WordPress
|
|
10
|
+
WordPress Security Scanner
|
|
11
11
|
<br>
|
|
12
12
|
<br>
|
|
13
|
-
<a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
|
|
13
|
+
<a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
|
|
14
14
|
</p>
|
|
15
15
|
|
|
16
16
|
<p align="center">
|
data/app/models/timthumb.rb
CHANGED
|
@@ -40,9 +40,9 @@ module WPScan
|
|
|
40
40
|
def rce_132_vuln
|
|
41
41
|
Vulnerability.new(
|
|
42
42
|
'Timthumb <= 1.32 Remote Code Execution',
|
|
43
|
-
{ exploitdb: ['17602'] },
|
|
44
|
-
'RCE',
|
|
45
|
-
'1.33'
|
|
43
|
+
references: { exploitdb: ['17602'] },
|
|
44
|
+
type: 'RCE',
|
|
45
|
+
fixed_in: '1.33'
|
|
46
46
|
)
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -50,12 +50,12 @@ module WPScan
|
|
|
50
50
|
def rce_webshot_vuln
|
|
51
51
|
Vulnerability.new(
|
|
52
52
|
'Timthumb <= 2.8.13 WebShot Remote Code Execution',
|
|
53
|
-
{
|
|
53
|
+
references: {
|
|
54
54
|
url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
|
|
55
55
|
cve: '2014-4663'
|
|
56
56
|
},
|
|
57
|
-
'RCE',
|
|
58
|
-
'2.8.14'
|
|
57
|
+
type: 'RCE',
|
|
58
|
+
fixed_in: '2.8.14'
|
|
59
59
|
)
|
|
60
60
|
end
|
|
61
61
|
|
data/app/views/json/finding.erb
CHANGED
|
@@ -19,6 +19,9 @@
|
|
|
19
19
|
<% vulns.each_with_index do |v, index| -%>
|
|
20
20
|
{
|
|
21
21
|
"title": <%= v.title.to_json %>,
|
|
22
|
+
<% if v.cvss -%>
|
|
23
|
+
"cvss": <%= v.cvss.to_json %>,
|
|
24
|
+
<% end -%>
|
|
22
25
|
"fixed_in": <%= v.fixed_in.to_json %>,
|
|
23
26
|
"references": <%= v.references.to_json %>
|
|
24
27
|
}<% unless index == last_index -%>,<% end -%>
|
data/lib/wpscan/references.rb
CHANGED
data/lib/wpscan/version.rb
CHANGED
data/lib/wpscan/vulnerability.rb
CHANGED
|
@@ -18,9 +18,10 @@ module WPScan
|
|
|
18
18
|
|
|
19
19
|
new(
|
|
20
20
|
json_data['title'],
|
|
21
|
-
references,
|
|
22
|
-
json_data['vuln_type'],
|
|
23
|
-
json_data['fixed_in']
|
|
21
|
+
references: references,
|
|
22
|
+
type: json_data['vuln_type'],
|
|
23
|
+
fixed_in: json_data['fixed_in'],
|
|
24
|
+
cvss: json_data['cvss']&.symbolize_keys
|
|
24
25
|
)
|
|
25
26
|
end
|
|
26
27
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-04-
|
|
11
|
+
date: 2020-04-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.10.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.10.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|