installed plugin WPScan version 1.15.1

2021-05-13 11:27:50 +00:00
parent 2b403ab680
commit e0e2392c3c
193 changed files with 30878 additions and 0 deletions
--- a/wp-content/plugins/wpscan/security-checks/database-exports/assets/db_exports.txt
+++ b/wp-content/plugins/wpscan/security-checks/database-exports/assets/db_exports.txt
@ -0,0 +1,36 @@
+{domain_name}.sql
+{domain_name}.sql.gz
+{domain_name}.zip
+db.sql
+site.sql
+database.sql
+data.sql
+dump.sql
+db_backup.sql
+dbdump.sql
+wordpress.sql
+mysql.sql
+backup/{domain_name}.sql
+backup/{domain_name}.sql.gz
+backup/{domain_name}.zip
+backup/db.sql
+backup/site.sql
+backup/database.sql
+backup/data.sql
+backup/dump.sql
+backup/db_backup.sql
+backup/dbdump.sql
+backup/wordpress.sql
+backup/mysql.sql
+backups/{domain_name}.sql
+backups/{domain_name}.sql.gz
+backups/{domain_name}.zip
+backups/db.sql
+backups/site.sql
+backups/database.sql
+backups/data.sql
+backups/dump.sql
+backups/db_backup.sql
+backups/dbdump.sql
+backups/wordpress.sql
+backups/mysql.sql
--- a/wp-content/plugins/wpscan/security-checks/database-exports/check.php
+++ b/wp-content/plugins/wpscan/security-checks/database-exports/check.php
@ -0,0 +1,81 @@
+<?php
+/**
+ * Classname: WPScan\Checks\databaseExports
+ */
+
+namespace WPScan\Checks;
+
+// Exit if accessed directly.
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * DatabaseExports.
+ *
+ * Checks for exported database files.
+ *
+ * @since 1.0.0
+ */
+class databaseExports extends Check {
+	/**
+	 * Title.
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 * @return string
+	 */
+	public function title() {
+		return __( 'Database Exports', 'wpscan' );
+	}
+
+	/**
+	 * Description.
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 * @return string
+	 */
+	public function description() {
+		return __( 'Search the file system for database export files that are publicly accessible.', 'wpscan' );
+	}
+
+	/**
+	 * Success message.
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 * @return string
+	 */
+	public function success_message() {
+		return __( 'No publicly accessible database export files were found', 'wpscan' );
+	}
+
+	/**
+	 * Perform the check and save the results.
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 * @return void
+	 */
+	public function perform() {
+		$vulnerabilities = $this->get_vulnerabilities();
+
+    $host    = parse_url( get_site_url(), PHP_URL_HOST );
+		$text    = file_get_contents( $this->dir . '/assets/db_exports.txt' );
+		$exports = str_replace( '{domain_name}', $host, $text );
+		$names   = explode( PHP_EOL, $exports );
+
+		foreach ( $names as $name ) {
+			$path = ABSPATH . $name;
+			$url  = esc_url( get_site_url() . '/' . $name );
+			
+			if ( file_exists( $path ) ) {
+				$response = wp_remote_head( $url, array( 'timeout' => 5 ) );
+				$code     = wp_remote_retrieve_response_code( $response );
+
+				if ( 200 === $code ) {
+					$this->add_vulnerability( __( 'A publicly accessible database file  was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' );
+				}
+			}
+		}
+	}
+}