Path: blob/master/app/finders/timthumbs/known_locations.rb
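# frozen_string_literal: true

module WPScan
  module Finders
    module Timthumbs
      # Known Locations Timthumbs Finder
      #
      # Requests every path of a wordlist, plus a few fixed paths inside the
      # main theme, and reports the URLs whose response body contains
      # "no image specified".
      #
      # Note: A vulnerable version, 2.8.13 can be found here:
      # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

        # Only 400 is listed; the array is memoized on first call.
        # NOTE(review): presumably read by the Enumerator mixin - confirm in CMSScanner.
        #
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [400]
        end

        # Enumerates the candidate URLs and keeps those whose body matches
        # /no image specified/i. Each hit is reported with a confidence of 100.
        #
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
        # @return [ Array<Timthumb> ]
        def aggressive(opts = {})
          found = []

          # NOTE(review): check_full_response is handled by the enumerator, which
          # is not shown here - confirm how it treats the 400 status.
          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
            # The status code alone is not treated as proof; the body must match too.
            next unless /no image specified/i.match?(res.body)

            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end

          found
        end

        # Builds the URLs to request: one per line of the wordlist, then the
        # fixed main-theme paths when the target has a main theme.
        #
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
        # @return [ Hash ] URL => index of the line in the wordlist
        def target_urls(opts = {})
          urls = {}

          # File.foreach closes the wordlist when iteration finishes, so no
          # file handle is left open for the rest of the scan.
          File.foreach(opts[:list]).with_index do |path, index|
            urls[target.url(path.chomp)] = index
          end

          # Add potential timthumbs located in the main theme
          if target.main_theme
            main_theme_timthumbs_paths.each do |path|
              urls[target.main_theme.url(path)] = 1 # index not important there
            end
          end

          urls
        end

        # Paths, relative to the main theme, that are checked in addition to
        # the wordlist.
        #
        # @return [ Array<String> ]
        def main_theme_timthumbs_paths
          %w[timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
             scripts/timthumb.php tools/timthumb.php functions/timthumb.php]
        end

        # Sets the progress bar title for this finder and delegates to super.
        #
        # @param [ Hash ] opts
        def create_progress_bar(opts = {})
          super(opts.merge(title: ' Checking Known Locations -'))
        end
      end
    end
  end
end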