1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module TimthumbVersion
6
      # Timthumb Version Finder from the body of a bad request
7
      # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#435
8
      class BadRequest < CMSScanner::Finders::Finder
9
        # @return [ Version ]
10
        def aggressive(_opts = {})
11
          return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/
12

13
          Model::Version.new(
14
            Regexp.last_match[2],
15
            found_by: 'Bad Request (Aggressive Detection)',
16
            confidence: 90,
17
            interesting_entries: ["#{target.url}, Match: '#{Regexp.last_match[1]}'"]
18
          )
19
        end
20
      end
21
    end
22
  end
23
end
24

25