Class: WPScan::Finders::InterestingFindings::UploadSQLDump
- Inherits: CMSScanner::Finders::Finder
  - Object
  - CMSScanner::Finders::Finder
  - WPScan::Finders::InterestingFindings::UploadSQLDump
- Defined in: app/finders/interesting_findings/upload_sql_dump.rb
Overview
UploadSQLDump finder
Constant Summary
- SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/
Instance Method Summary
Instance Method Details
#aggressive(_opts = {}) ⇒ InterestingFinding
# File 'app/finders/interesting_findings/upload_sql_dump.rb', line 9

def aggressive(_opts = {})
  url = dump_url
  res = Browser.get(url)

  return unless res.code == 200 && res.body =~ SQL_PATTERN

  WPScan::InterestingFinding.new(
    url,
    confidence: 100,
    found_by: DIRECT_ACCESS
  )
end
#dump_url ⇒ Object
# File 'app/finders/interesting_findings/upload_sql_dump.rb', line 22

def dump_url
  target.url('wp-content/uploads/dump.sql')
end
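A defender-side counterpart to the finder above, as an added example that is not part of WPScan: it walks a local uploads directory and reports every file whose leading bytes match the same SQL_PATTERN, so a dump left under any file name is caught, not only dump.sql. The helper names `find_sql_dumps` and `build_sample_uploads`, the 64 KiB read limit and the sample files are assumptions made for this example.

```ruby
require 'tmpdir'
require 'fileutils'

# Same pattern the finder applies to the HTTP response body.
SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/

# Hypothetical helper: return the paths (relative to uploads_dir) of regular
# files whose first read_limit bytes look like a SQL dump.
def find_sql_dumps(uploads_dir, read_limit: 64 * 1024)
  Dir.glob('**/*', base: uploads_dir).sort.filter_map do |rel|
    path = File.join(uploads_dir, rel)
    next unless File.file?(path) && File.readable?(path)

    # Read in binary mode so non-UTF-8 content cannot raise during matching.
    head = File.open(path, 'rb') { |f| f.read(read_limit) } || ''
    rel if head.match?(SQL_PATTERN)
  end
end

# Constructed sample tree: two files containing SQL statements, one harmless.
def build_sample_uploads(root)
  uploads = File.join(root, 'wp-content', 'uploads')
  month = File.join(uploads, '2024', '01')
  FileUtils.mkdir_p(month)
  File.write(File.join(uploads, 'dump.sql'),
             "DROP TABLE IF EXISTS `wp_users`;\nCREATE TABLE `wp_users` (id INT);\n")
  File.write(File.join(month, 'backup.txt'),
             "INSERT INTO `wp_options` VALUES (1,'siteurl','https://example.test');\n")
  File.write(File.join(month, 'notes.txt'), "Meeting notes, no SQL here.\n")
  uploads
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    uploads = build_sample_uploads(root)
    find_sql_dumps(uploads).each { |rel| puts "possible SQL dump: #{rel}" }
  end
end
```

SQL_PATTERN is case-sensitive, so a dump written with lowercase keywords is not flagged by this helper or by the finder.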