Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wpscanteam
GitHub Repository: wpscanteam/wpscan
 Path: blob/master/app/finders/interesting_findings/upload_sql_dump.rb
485 views
1
# frozen_string_literal: true

2


3
module WPScan

4
  module Finders

5
    module InterestingFindings

6
      # UploadSQLDump finder

7
      class UploadSQLDump < CMSScanner::Finders::Finder

8
        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze

9


10
        # @return [ InterestingFinding ]

11
        def aggressive(_opts = {})

12
          path = 'wp-content/uploads/dump.sql'

13
          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })

14


15
          return unless SQL_PATTERN.match?(res.body)

16


17
          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)

18
        end

19
      end

20
    end

21
  end

22
end

23


24