Module: WpTarget::WpConfigBackup
- Included in:
- WpTarget
- Defined in:
- lib/wpscan/wp_target/wp_config_backup.rb
Class Method Summary (collapse)
Instance Method Summary (collapse)
-
- (Object) config_backup
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/ return an array of backup config files url.
Class Method Details
+ (Object) config_backup_files
Array
41 42 43 44 45 46 47 |
# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 41 def self.config_backup_files %w{ wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt } # thanks to Feross.org for these end |
Instance Method Details
- (Object) config_backup
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/ return an array of backup config files url
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 9 def config_backup found = [] backups = WpConfigBackup.config_backup_files browser = Browser.instance hydra = browser.hydra queue_count = 0 backups.each do |file| file_url = @uri.merge(URI.escape(file)).to_s request = browser.forge_request(file_url) request.on_complete do |response| if response.body[%r{define}i] and not response.body[%r{<\s?html}i] found << file_url end end hydra.queue(request) queue_count += 1 if queue_count == browser.max_threads hydra.run queue_count = 0 end end hydra.run found end |