lib/rules/fpd-vulnerability.js
/**
 * wpcheck module fpd-vulnerability.js
 *
 * Requests wp-includes/rss.php directly and reports a Full Path Disclosure
 * (FPD) when the response body contains the string `_deprecated_file`.
 *
 * NOTE(review): presumably that string only reaches the client inside a PHP
 * error message that also carries the server-side file path, so a hit means
 * PHP errors are being displayed to visitors (the usual remedy is to turn
 * display_errors off in production). Confirm against a WordPress install.
 */


/**
 * Required modules
 *
 * Redirects are deliberately not followed, so the verdict always describes
 * the exact URL that was requested.
 *
 * NOTE(review): the `request` package is deprecated upstream; worth tracking
 * as a supply-chain item.
 */

const request = require( 'request' ).defaults( { followRedirect: false } )
const fs = require( '../fs' )
const log = require( '../log' )


/**
 * Initiator method
 *
 * @param {Object}  data             Data object with request values
 * @param {String}  data.wpURL       Base URL the probed path is appended to
 * @param {String}  data.siteURL     URL used in the affected / not affected messages
 * @param {String}  data.userAgent   Value sent as the User-Agent request header
 * @param {Boolean} data.silentMode  Passed through to the logger unchanged
 * @return void
 */

exports.fire = ( data ) => {

    const { wpURL: baseURL, siteURL: site, userAgent: agent, silentMode } = data

    const filterName = fs.fileName( __filename, '.js' )
    const logObj = { silentMode, filterName }

    const targetURL = `${baseURL}/wp-includes/rss.php`

    const options = {
        url: targetURL,
        method: 'GET',
        headers: { 'User-Agent': agent }
    }

    /**
     * Turn the HTTP outcome into exactly one log line.
     *
     * NOTE(review): a transport error is reported with the same "is not found"
     * message as a 404, and every other status (3xx because redirects are off,
     * 403, 5xx, ...) is judged on its body alone. A response without the marker
     * is therefore logged as "not affected" even when the file was never
     * actually served, so treat an OK result as "marker not seen", not as proof.
     */
    const onResponse = ( error, response, body ) => {

        const unreachable = error || response.statusCode === 404

        if ( unreachable ) {
            return log.info( `${targetURL} is not found`, logObj )
        }

        const pathLeaked = body.includes( '_deprecated_file' )

        return pathLeaked
            ? log.warn( `${site} is affected by FPD vulnerability`, logObj )
            : log.ok( `${site} is not affected by FPD vulnerability`, logObj )

    }

    request( options, onResponse )

}