Class: WPScan::Finders::Timthumbs::KnownLocations

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Timthumbs::KnownLocations

Includes:

CMSScanner::Finders::Finder::Enumerator

Defined in:

app/finders/timthumbs/known_locations.rb

Overview

Known Locations Timthumbs Finder Note: A vulnerable version, 2.8.13 can be found here: github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php

Instance Method Summary

• #aggressive(opts = {}) ⇒ Array<Timthumb>
• #create_progress_bar(opts = {}) ⇒ Object
• #main_theme_timthumbs_paths ⇒ Object
• #target_urls(opts = {}) ⇒ Hash
• #valid_response_codes ⇒ Array<Integer>

Instance Method Details

#aggressive(opts = {}) ⇒ Array<Timthumb>

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :list (String) —

  Mandatory

Returns:

• (Array<Timthumb>)

# File 'app/finders/timthumbs/known_locations.rb', line 21

def aggressive(opts = {})
  found = []

  enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
    next unless /no image specified/i.match?(res.body)

    found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
  end

  found
end

#create_progress_bar(opts = {}) ⇒ Object

# File 'app/finders/timthumbs/known_locations.rb', line 59

def create_progress_bar(opts = {})
  super(opts.merge(title: ' Checking Known Locations -'))
end

#main_theme_timthumbs_paths ⇒ Object

# File 'app/finders/timthumbs/known_locations.rb', line 54

def main_theme_timthumbs_paths
  %w[timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
     scripts/timthumb.php tools/timthumb.php functions/timthumb.php]
end

#target_urls(opts = {}) ⇒ Hash

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :list (String) —

  Mandatory

Returns:

• (Hash)

# File 'app/finders/timthumbs/known_locations.rb', line 37

def target_urls(opts = {})
  urls = {}

  File.open(opts[:list]).each_with_index do |path, index|
    urls[target.url(path.chomp)] = index
  end

  # Add potential timthumbs located in the main theme
  if target.main_theme
    main_theme_timthumbs_paths.each do |path|
      urls[target.main_theme.url(path)] = 1 # index not important there
    end
  end

  urls
end

#valid_response_codes ⇒ Array<Integer>

Returns:

• (Array<Integer>)

# File 'app/finders/timthumbs/known_locations.rb', line 13

def valid_response_codes
  @valid_response_codes ||= [400]
end