Class: WPScan::Model::Timthumb
- Inherits:
-
InterestingFinding
- Object
- CMSScanner::Model::InterestingFinding
- InterestingFinding
- WPScan::Model::Timthumb
- Includes:
- Vulnerable
- Defined in:
- app/models/timthumb.rb
Overview
Timthumb
Instance Attribute Summary collapse
-
#version_detection_opts ⇒ Object
readonly
Returns the value of attribute version_detection_opts.
Instance Method Summary collapse
-
#default_allowed_domains ⇒ Array<String>
The default allowed domains (between the 2.0 and 2.8.13).
-
#initialize(url, opts = {}) ⇒ Timthumb
constructor
A new instance of Timthumb.
-
#rce_132_vuln ⇒ Vulnerability
The RCE in the <= 1.32.
-
#rce_webshot_vuln ⇒ Vulnerability
The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13.
- #version(opts = {}) ⇒ Model::Version, false
- #vulnerabilities ⇒ Array<Vulnerability>
- #webshot_enabled? ⇒ Boolean
Methods included from Vulnerable
Methods included from References
#references_urls, #wpvulndb_ids, #wpvulndb_url, #wpvulndb_urls
Constructor Details
#initialize(url, opts = {}) ⇒ Timthumb
Returns a new instance of Timthumb.
14 15 16 17 18 |
# File 'app/models/timthumb.rb', line 14 def initialize(url, opts = {}) super(url, opts) @version_detection_opts = opts[:version_detection] || {} end |
Instance Attribute Details
#version_detection_opts ⇒ Object (readonly)
Returns the value of attribute version_detection_opts.
9 10 11 |
# File 'app/models/timthumb.rb', line 9 def version_detection_opts @version_detection_opts end |
Instance Method Details
#default_allowed_domains ⇒ Array<String>
Returns The default allowed domains (between the 2.0 and 2.8.13).
70 71 72 |
# File 'app/models/timthumb.rb', line 70 def default_allowed_domains %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org] end |
#rce_132_vuln ⇒ Vulnerability
Returns The RCE in the <= 1.32.
40 41 42 43 44 45 46 47 |
# File 'app/models/timthumb.rb', line 40 def rce_132_vuln Vulnerability.new( 'Timthumb <= 1.32 Remote Code Execution', references: { exploitdb: ['17602'] }, type: 'RCE', fixed_in: '1.33' ) end |
#rce_webshot_vuln ⇒ Vulnerability
Returns The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13.
50 51 52 53 54 55 56 57 58 59 60 |
# File 'app/models/timthumb.rb', line 50 def rce_webshot_vuln Vulnerability.new( 'Timthumb <= 2.8.13 WebShot Remote Code Execution', references: { url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'], cve: '2014-4663' }, type: 'RCE', fixed_in: '2.8.14' ) end |
#version(opts = {}) ⇒ Model::Version, false
23 24 25 26 27 |
# File 'app/models/timthumb.rb', line 23 def version(opts = {}) @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil? @version end |
#vulnerabilities ⇒ Array<Vulnerability>
30 31 32 33 34 35 36 37 |
# File 'app/models/timthumb.rb', line 30 def vulnerabilities vulns = [] vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?) vulns << rce_132_vuln if version == false || version < '1.33' vulns end |
#webshot_enabled? ⇒ Boolean
63 64 65 66 67 |
# File 'app/models/timthumb.rb', line 63 def webshot_enabled? res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" }) !/WEBSHOT_ENABLED == true/.match?(res.body) end |