Better fix for #1451, adds target IP address to output, ref #1088

wpscanteam · Feb 11, 2020 · e2d48be · e2d48be
1 parent 6b241ce
commit e2d48be
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 12 deletions.
diff --git a/lib/wpscan/db/updater.rb b/lib/wpscan/db/updater.rb
@@ -67,13 +67,13 @@ def missing_files?
       # @return [ Hash ] The params for Typhoeus::Request
       # @note Those params can't be overriden by CLI options
       def request_params
-        @request_params ||= {
+        @request_params ||= Browser.instance.default_connect_request_params.merge(
           timeout: 600,
           connecttimeout: 300,
           accept_encoding: 'gzip, deflate',
           cache_ttl: 0,
           headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
-        }
+        )
       end
 
       # @return [ String ] The raw file URL associated with the given filename
@@ -85,7 +85,7 @@ def remote_file_url(filename)
       def remote_file_checksum(filename)
         url = "#{remote_file_url(filename)}.sha512"
 
-        res = Browser.get(url, request_params)
+        res = Typhoeus.get(url, request_params)
         raise Error::Download, res if res.timed_out? || res.code != 200
 
         res.body.chomp
@@ -126,7 +126,7 @@ def download(filename)
         file_path = local_file_path(filename)
         file_url  = remote_file_url(filename)
 
-        res = Browser.get(file_url, request_params)
+        res = Typhoeus.get(file_url, request_params)
         raise Error::Download, res if res.timed_out? || res.code != 200
 
         File.open(file_path, 'wb') { |f| f.write(res.body) }

diff --git a/lib/wpscan/db/vuln_api.rb b/lib/wpscan/db/vuln_api.rb
@@ -66,17 +66,14 @@ def self.status
       end
 
       # @return [ Hash ]
-      # Those params can not be overriden by CLI options, except for the cache_ttl
+      # @note Those params can not be overriden by CLI options
       def self.default_request_params
-        @default_request_params ||= {
-          timeout: 30,
-          connecttimeout: 15,
-          cache_ttl: Browser.instance.cache_ttl,
+        Browser.instance.default_connect_request_params.merge(
           headers: {
             'User-Agent' => Browser.instance.default_user_agent,
             'Authorization' => "Token token=#{token}"
           }
-        }
+        )
       end
     end
   end

diff --git a/spec/lib/db/vuln_api_spec.rb b/spec/lib/db/vuln_api_spec.rb
@@ -5,8 +5,9 @@
 
   let(:request_headers) do
     {
+      'Expect' => nil,
       'User-Agent' => WPScan::Browser.instance.default_user_agent,
-      'Authorization' => 'Token token=s3cRet'
+      'Authorization' => 'Token token=' + api.token
     }
   end
 

diff --git a/wpscan.gemspec b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.executables           = ['wpscan']
   s.require_paths         = ['lib']
 
-  s.add_dependency 'cms_scanner', '~> 0.8.1'
+  s.add_dependency 'cms_scanner', '~> 0.8.2'
 
   s.add_development_dependency 'bundler',             '>= 1.6'
   s.add_development_dependency 'coveralls',           '~> 0.8.0'