/spec/lib/msf/http/wordpress/version_spec.rb

https://github.com/debbiemezyene/metasploit-framework · Ruby · 134 lines · 110 code · 23 blank · 1 comment · 0 complexity · 0fd27c876582f2b1ecc61d743fec8359 MD5 · raw file

  1. # -*- coding:binary -*-
  2. require 'spec_helper'
  3. require 'msf/core'
  4. require 'msf/core/exploit'
  5. require 'rex/proto/http/response'
  6. require 'msf/http/wordpress'
# Specs for two helpers provided by the Msf::HTTP::Wordpress mixin:
# #wordpress_version and #check_version_from_readme.
# Every call to send_request_cgi is stubbed with a canned response, so only the
# parsing and comparison of the response body is exercised.
describe Msf::HTTP::Wordpress::Version do
  # A bare exploit module extended with the WordPress mixin.
  # NOTE(review): initialize is sent again after extend, presumably so the
  # mixin's own setup runs on the already-built instance -- confirm.
  subject do
    ::Msf::Exploit.new.tap do |mod|
      mod.extend ::Msf::HTTP::Wordpress
      mod.send(:initialize)
    end
  end

  # Builds the response object handed back by the send_request_cgi stubs.
  def canned_response(code, body)
    Rex::Proto::Http::Response.new.tap do |res|
      res.code = code
      res.body = body
    end
  end

  describe '#wordpress_version' do
    # The stub ignores the request options and answers every request with the
    # same 200 response, so these contexts check pattern matching on the body,
    # not which URL each version marker is fetched from.
    before do
      allow(subject).to receive(:send_request_cgi) { |_opts| canned_response(200, wp_body) }
    end

    # Three random digits (0-9) joined by dots, e.g. "3.0.7".
    # NOTE(review): Random.new picks its own seed, so a failing value is not
    # reproduced by re-running with the same RSpec seed.
    let(:wp_version) do
      rng = Random.new
      Array.new(3) { rng.rand(10) }.join('.')
    end

    # Context label suffix => body template; %s is replaced by wp_version.
    # The sitemap and opml templates are identical, so the opml context does
    # not exercise a marker distinct from the sitemap one.
    {
      'generator' => '<meta name="generator" content="WordPress %s" />',
      'readme' => ' <br /> Version %s',
      'rss' => '<generator>http://wordpress.org/?v=%s</generator>',
      'rdf' => '<admin:generatorAgent rdf:resource="http://wordpress.org/?v=%s" />',
      'atom' => '<generator uri="http://wordpress.org/" version="%s">WordPress</generator>',
      'sitemap' => '<!-- generator="WordPress/%s" -->',
      'opml' => '<!-- generator="WordPress/%s" -->'
    }.each do |source, template|
      context "when version from #{source}" do
        let(:wp_body) { format(template, wp_version) }

        it { expect(subject.wordpress_version).to eq(wp_version) }
      end
    end
  end

  describe '#check_version_from_readme' do
    # Status code and body of the stubbed readme response come from the lets
    # below; each context overrides the ones it cares about.
    before do
      allow(subject).to receive(:send_request_cgi) { |_opts| canned_response(wp_code, wp_body) }
    end

    let(:wp_code) { 200 }
    let(:wp_body) { nil }
    let(:wp_fixed_version) { nil }

    # Invokes the helper through send for a plugin called 'name', passing the
    # fixed version and, when given, the version that introduced the issue.
    def readme_check(*version_bounds)
      subject.send(:check_version_from_readme, :plugin, 'name', *version_bounds)
    end

    # NOTE(review): no context pins the boundaries (installed == fixed version,
    # installed == introduced version). Those results decide whether a patched
    # install is reported as vulnerable, so they deserve explicit examples once
    # the intended behaviour is confirmed against the implementation.

    context 'when no readme is found' do
      let(:wp_code) { 404 }

      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Unknown) }
    end

    context 'when no version can be extracted from readme' do
      let(:wp_code) { 200 }
      let(:wp_body) { 'invalid content' }

      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Detected) }
    end

    context 'when installed version is vulnerable' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_body) { 'stable tag: 1.0.0' }

      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
    end

    context 'when installed version is not vulnerable' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_body) { 'stable tag: 1.0.2' }

      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end

    context 'when installed version is vulnerable (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.2' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 1.0.1' }

      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Appears) }
    end

    context 'when installed version is older (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 0.0.9' }

      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end

    context 'when installed version is newer (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 1.0.2' }

      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end
  end
end