wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Check if Core and Vulnerability data mesh #715

Closed drmike closed 9 years ago

drmike commented 9 years ago

I have checked to see if there is a previous ticket and do not see one.

Getting the following error:

undefined method `split' for #Array:0xa85fae8

Please note that the single quote before split is a slanted one while the following single quote is a normal straight up and down one.

I was running the scan command when it occurred:

./wpscan.rb --url http://mydomain.tld

I had run update right before running the scan. The domain in question is actually a child site of a multisite install but is normally the one I run the scan against without previous issue.

Please let me know if you need further details.

ethicalhack3r commented 9 years ago

Thanks for the report! Could you provide the full error that you're receiving please?

What version of Ruby are you running? ruby -v

drmike commented 9 years ago

ruby 1.9.3p194 (2012-04-20 revision 35410) [i486-linux]

That actually is the full error but in red text. I'll run a verbose and copy and paste it in the next comment.

edit: I see the trace with the verbose but I'll still copy and paste just to be sure.

drmike commented 9 years ago

root@vps3:~/wpscan# ./wpscan.rb --verbose --url http://mydomain.tld


    __          _______   _____
    \ \        / /  __ \ / ____|
     \ \  /\  / /| |__) | (___   ___  __ _ _ __
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team
                   Version 2.4.1
 Sponsored by the RandomStorm Open Source Initiative

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[+] URL: http://mydomain.tld/
[+] Started: Sat Nov 1 14:51:16 2014

[!] The WordPress 'http://mydomain.tld/readme.html' file exists
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-POWERED-BY: PHP/5.4.4-14+deb7u14
[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
[+] XML-RPC Interface available under: http://mydomain.tld/xmlrpc.php

[+] WordPress version 4.0 identified from meta generator

[+] WordPress theme in use: sunspot - v1.1

[+] Name: sunspot - v1.1
 | Location: http://mydomain.tld/wp-content/themes/sunspot/
 | Readme: http://mydomain.tld/wp-content/themes/sunspot/readme.txt
 | Style URL: http://mydomain.tld/wp-content/themes/sunspot/style.css
 | Theme Name: Sunspot
 | Theme URI: http://theme.wordpress.com/themes/sunspot
 | Description: A sharp theme with subtle grid lines and sun-splashed accents, Sunspot is a great all-purpose blogging canvas, especially for those who prefer a dark color scheme. Sunspot offers two arrangements for posts on the front page. Additional features include a custom header and a custom background, two optional widget areas, and a responsive layout that adapts gracefully to smaller screen sizes.
 | Author: Automattic
 | Author URI: http://automattic.com/
 | License: GNU General Public License
 | License URI: http://www.gnu.org/licenses/gpl-2.0.html
 | Tags: dark, black, orange, tan, yellow, two-columns, three-columns, left-sidebar, right-sidebar, custom-background, custom-colors, custom-header, custom-menu, featured-images, rtl-language-support, sticky-post, theme-options, translation-ready

[+] Enumerating plugins from passive detection ...
 | 2 plugins found:

[+] Name: w3-total-cache - v0.9.4
 | Location: http://mydomain.tld/wp-content/plugins/w3-total-cache/
 | Readme: http://mydomain.tld/wp-content/plugins/w3-total-cache/readme.txt
 | Changelog: http://mydomain.tld/wp-content/plugins/w3-total-cache/changelog.txt

undefined method `split' for #<Array:0x93727fc>
Trace:
/root/wpscan/lib/common/models/vulnerability.rb:47:in `block in load_from_json_item'
/root/wpscan/lib/common/models/vulnerability.rb:46:in `each'
/root/wpscan/lib/common/models/vulnerability.rb:46:in `load_from_json_item'
/root/wpscan/lib/common/models/wp_item/vulnerable.rb:20:in `block (2 levels) in vulnerabilities'
/root/wpscan/lib/common/models/wp_item/vulnerable.rb:19:in `each'
/root/wpscan/lib/common/models/wp_item/vulnerable.rb:19:in `block in vulnerabilities'
/root/wpscan/lib/common/models/wp_item/vulnerable.rb:15:in `each'
/root/wpscan/lib/common/models/wp_item/vulnerable.rb:15:in `vulnerabilities'
/root/wpscan/lib/common/models/wp_item/output.rb:24:in `output'
/root/wpscan/lib/common/collections/wp_items/output.rb:7:in `block in output'
/root/wpscan/lib/common/collections/wp_items/output.rb:7:in `each'
/root/wpscan/lib/common/collections/wp_items/output.rb:7:in `output'
./wpscan.rb:237:in `main'
./wpscan.rb:404:in `<main>'

ethicalhack3r commented 9 years ago

Thanks! Could you try running wpscan with just the --update flag and then trying again? (seems like a problem with the vulnerability json data)

drmike commented 9 years ago

I run it each time before I run the scan. I do note though that I'm showing mine as v2.4.1 while other tickets are showing at v2.5.1.

root@vps3:~/wpscan# ruby ./wpscan.rb --update --verbose


    __          _______   _____
    \ \        / /  __ \ / ____|
     \ \  /\  / /| |__) | (___   ___  __ _ _ __
      \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
       \  /\  /  | |     ____) | (__| (_| | | | |
        \/  \/   |_|    |_____/ \___|\__,_|_| |_|

    WordPress Security Scanner by the WPScan Team
                   Version 2.4.1
 Sponsored by the RandomStorm Open Source Initiative

@WPScan, @ethicalhack3r, @erwan_lr, pvdl, @FireFart


[i] Updating the Database ...
[+] Checking local_vulnerable_files.xml
[i] Already Up-To-Date
[+] Checking local_vulnerable_files.xsd
[i] Already Up-To-Date
[+] Checking malwares.txt
[i] Already Up-To-Date
[+] Checking plugins_full.txt
[i] Already Up-To-Date
[+] Checking plugins.txt
[i] Already Up-To-Date
[+] Checking themes_full.txt
[i] Already Up-To-Date
[+] Checking themes.txt
[i] Already Up-To-Date
[+] Checking timthumbs.txt
[i] Already Up-To-Date
[+] Checking user-agents.txt
[i] Already Up-To-Date
[+] Checking wp_versions.xml
[i] Already Up-To-Date
[+] Checking wp_versions.xsd
[i] Already Up-To-Date
[+] Checking plugin_vulns.json
[i] Already Up-To-Date
[+] Checking theme_vulns.json
[i] Already Up-To-Date
[+] Checking wp_vulns.json
[i] Already Up-To-Date
[i] Update completed.

drmike commented 9 years ago

This may be related to #691. Didn't see we had to manually update the script now instead of just doing the upgrade per the instructions. Gone to check....

drmike commented 9 years ago

That appears to have been the issue. Core wasn't updated while the vulnerabilities had been updated.

Maybe a check to see if the two sides mesh would be a good idea?

ethicalhack3r commented 9 years ago

Ah! Well spotted, didn't notice that myself, thought it may have been an issue with the json data generation.

I'm not sure if it would be possible to warn users if WPScan is outdated, at least not retrospectively.

drmike commented 9 years ago

Maybe even a mention in the docs that both portions of the script need to be updated separately.....
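
Added example (not part of the thread and not WPScan's own code): one way a scanner can check that its code and its downloaded vulnerability data "mesh" before parsing, so a stale core fails with a clear message instead of `undefined method 'split'` on an Array. The `schema_version` key, the `references` field, and all constants and sample data are hypothetical.

```ruby
require 'json'

# Hypothetical names throughout: the "schema_version" key, the "references"
# field and SUPPORTED_SCHEMA are assumptions for illustration only.
SUPPORTED_SCHEMA = 1

class DataFormatMismatch < StandardError; end

# Refuse data files written for a newer (or unversioned) format up front.
def check_schema!(doc)
  found = doc['schema_version']
  unless found.is_a?(Integer)
    raise DataFormatMismatch, 'data file declares no schema_version; update scanner and data together'
  end
  if found > SUPPORTED_SCHEMA
    raise DataFormatMismatch,
          "data schema #{found} is newer than supported schema #{SUPPORTED_SCHEMA}; update the scanner code"
  end
  found
end

# Accept both shapes of a multi-valued field: comma-separated String or Array.
def as_list(value)
  case value
  when nil    then []
  when Array  then value.map(&:to_s)
  when String then value.split(',').map(&:strip).reject(&:empty?)
  else raise DataFormatMismatch, "unexpected #{value.class} in data file"
  end
end

def load_vulnerabilities(json_text)
  doc = JSON.parse(json_text)
  check_schema!(doc)
  doc.fetch('vulnerabilities', []).map do |item|
    { title: item['title'].to_s, references: as_list(item['references']) }
  end
end

# Constructed sample data, not real WPScan database content.
OLD_DATA   = '{"schema_version":1,"vulnerabilities":[{"title":"Example A","references":"ref-1, ref-2"}]}'
MIXED_DATA = '{"schema_version":1,"vulnerabilities":[{"title":"Example B","references":["ref-3"]}]}'
NEWER_DATA = '{"schema_version":2,"vulnerabilities":[]}'

p load_vulnerabilities(OLD_DATA) if __FILE__ == $PROGRAM_NAME
```

The version gate addresses the case reported here (data updated, code not); the type-tolerant `as_list` only helps when the change is limited to a field's shape.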