module WpTarget::WpConfigBackup

Public Class Methods

config_backup_files()

@return [Array<String>] candidate wp-config.php backup filenames

# File lib/wpscan/wp_target/wp_config_backup.rb, line 40
# Candidate filenames under which a copy of wp-config.php may be left in the
# web root. A copy whose name no longer ends in ".php" is typically served as
# plain text rather than executed, which discloses the configuration it holds.
#
# A fresh, unfrozen array is built on every call.
#
# @return [Array<String>] the 16 candidate filenames, in probing order
def self.config_backup_files
  # thanks to Feross.org for these
  [
    'wp-config.php~',
    '#wp-config.php#',
    'wp-config.php.save',
    'wp-config.php.swp',
    'wp-config.php.swo',
    'wp-config.php_bak',
    'wp-config.bak',
    'wp-config.php.bak',
    'wp-config.save',
    'wp-config.old',
    'wp-config.php.old',
    'wp-config.php.orig',
    'wp-config.orig',
    'wp-config.php.original',
    'wp-config.original',
    'wp-config.txt'
  ]
end

Public Instance Methods

config_backup()

Checks whether backup copies of wp-config.php are reachable under the target URL. See www.feross.org/cmsploit/. Returns an array of the URLs of the backup config files that were found.

# File lib/wpscan/wp_target/wp_config_backup.rb, line 8
# Probes the target for leftover copies of wp-config.php.
#
# Every name from WpConfigBackup.config_backup_files is resolved against
# @uri and requested through the shared Browser's hydra queue. The queue is
# run each time browser.max_threads requests have accumulated, and once more
# after the last candidate.
#
# A response is reported when its body contains "define" and does not contain
# an opening "<html" tag. Only the body is inspected here; the status code and
# content type are not consulted.
# NOTE(review): any non-HTML body containing the word "define" therefore
# counts as a hit, so results should be confirmed before being reported.
#
# A confirmed hit means the file is being served as text; the fix on the
# server side is to delete the copy or deny access to it.
#
# @return [Array<String>] URLs of the candidates that matched
def config_backup
  candidates = WpConfigBackup.config_backup_files
  browser    = Browser.instance
  hydra      = browser.hydra
  hits       = []
  pending    = 0

  candidates.each do |name|
    # Escaping matters for "#wp-config.php#": an unescaped "#" would be parsed
    # as the start of a fragment instead of part of the path.
    # NOTE(review): URI.escape was removed in Ruby 3.0; this method only runs
    # on older interpreters as written.
    target = @uri.merge(URI.escape(name)).to_s
    probe  = browser.forge_request(target)

    probe.on_complete do |response|
      hits << target if response.body[/define/] && !response.body[/<\s?html/]
    end

    hydra.queue(probe)
    pending += 1

    # Flush only when a full batch has been queued.
    next unless pending == browser.max_threads

    hydra.run
    pending = 0
  end

  # Run whatever is still queued from the final, partial batch.
  hydra.run

  hits
end