Detector for sitepress-multilingual-cms's version doesn't work #1386

Closed
DrMurx opened this issue Sep 2, 2019 · 4 comments
DrMurx commented Sep 2, 2019

Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.

Subject of the issue

The version of sitepress-multilingual-cms isn't detected properly with the current dynamic_finders.yml which tries to match a regular expression in the plugin's changelog.md.

Nowadays sitepress-multilingual-cms doesn't have a changelog.md anymore; instead it comes with a changelog directory where every version has its own markdown file.

Given that, the current dynamic_finders.yml might even detect a wrong version of the plugin if the site's theme has a custom 404 error page (will be delivered due to the missing changelog.md) which accidentally matches the regular expression to detect the version.

Your environment

  • Version of WPScan: 3.5.5
  • Version of Ruby: 2.4.4p296
  • Operating System (OS): Linux
@erwanlr erwanlr closed this as completed in 7a8b27a Sep 2, 2019
Member

erwanlr commented Sep 2, 2019

Thanks for the report!

Author

DrMurx commented Sep 3, 2019

@erwanlr I think the new changelog directory gives a very unique approach to find the exact version of WPML even if the other detection mechanisms won't work (certain WordPress caching plugins spoil the detection via query parameters).

Here's an arbitrary site I just googled that has directory listings turned on so you can see the version markdown files:

https://www.inkoma-albert.com/wp-content/plugins/sitepress-multilingual-cms/changelog/

Since most sites don't allow directory listing, wpscan would have to enumerate the markdown files.

Also, wpscan's dynamic_finder should respect a 404 response when using the BodyPattern class. I think that's a different, yet related issue to the problem I described initially.

Member

erwanlr commented Sep 3, 2019

I am aware of the changelog directory, however there is an inconsistency between the version from the files there and the version from other places, such as the WPML generator tag.

In your example, the latest in the changelog is 4.0.0 whereas the WPML generator tag is at 3.9.3. I've checked some other blogs using the plugin as well and noticed the same behaviour.

Furthermore, given the very aggressive nature of the detection via the changelog directory, and the fact that we would need to know the latest version of the premium plugin, it's not worth it.

I've just noticed that there is also the version disclosed via the wpml-dependencies.json file, so I've added that.

Re the respect of the 404, I will have a look.

@erwanlr erwanlr reopened this Sep 3, 2019
erwanlr added a commit that referenced this issue Sep 3, 2019
Member

erwanlr commented Sep 5, 2019

404s are now ignored by the BodyPattern DF.

@erwanlr erwanlr closed this as completed Sep 5, 2019
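
The false positive discussed in this thread (a themed 404 page whose body happens to match the version regex) and the effect of ignoring 404 responses, as an added Ruby sketch that is not WPScan's code. `Response`, `VERSION_PATTERN`, both finder functions and the two sample bodies are hypothetical and constructed for illustration; the real pattern in dynamic_finders.yml is not reproduced here.

```ruby
# Added illustration, not WPScan code. All names below are hypothetical.
Response = Struct.new(:code, :body)

# Assumed pattern: a markdown heading made only of a version, e.g. "# 4.2.7".
VERSION_PATTERN = /^#+\s*(?<v>\d+\.\d+(?:\.\d+)*)\s*$/

# Naive finder: trusts whatever body came back, whatever the status code.
def naive_version(response)
  m = VERSION_PATTERN.match(response.body)
  m && m[:v]
end

# Status-aware finder: a body only counts as evidence when the requested
# file was actually served; error pages are never matched.
def status_aware_version(response)
  return nil unless response.code == 200

  naive_version(response)
end

# Constructed sample: a real changelog.md served with 200.
CHANGELOG_OK = Response.new(200, "# 4.2.7\n\n## Fixes\n* Fixed a notice\n")

# Constructed sample: changelog.md is missing, the theme's custom 404 page
# is delivered instead and contains unrelated text that fits the pattern.
CUSTOM_404 = Response.new(
  404,
  "Page not found\n\nRecent posts\n# 2.0\nOur 2.0 release notes\n"
)

# Compare both finders on both responses; returns a hash for inspection.
def compare_finders
  { "200 changelog" => CHANGELOG_OK, "custom 404" => CUSTOM_404 }
    .transform_values do |resp|
      { naive: naive_version(resp), status_aware: status_aware_version(resp) }
    end
end

if $PROGRAM_NAME == __FILE__
  compare_finders.each do |label, result|
    puts "#{label}: naive=#{result[:naive].inspect} " \
         "status_aware=#{result[:status_aware].inspect}"
  end
end
```

A site that answers missing paths with status 200 (a "soft 404") would still pass the status check, so the status code is a necessary filter rather than a complete one.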