Update CMS module

Handle the case where the given URL is not the root URL. Use urljoin() for joining URLs with items.
OussamaBeng · Apr 26, 2024 · 13d9bb1 · 13d9bb1
1 parent 9f93179
commit 13d9bb1
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 9 deletions.
diff --git a/wapitiCore/attack/cms/mod_drupal_enum.py b/wapitiCore/attack/cms/mod_drupal_enum.py
@@ -1,5 +1,7 @@
 import json
 from typing import Optional
+from urllib.parse import urljoin
+
 from httpx import RequestError
 
 from wapitiCore.net import Request
@@ -21,7 +23,8 @@ class ModuleDrupalEnum(CommonCMS):
     async def check_drupal(self, url):
         check_list = ['core/misc/drupal.js', 'misc/drupal.js']
         for item in check_list:
-            request = Request(f'{url}{item}', 'GET')
+            item_url = urljoin(url, item)
+            request = Request(item_url, 'GET')
             try:
                 response: Response = await self.crawler.async_send(request, follow_redirects=True)
             except RequestError:

diff --git a/wapitiCore/attack/cms/mod_joomla_enum.py b/wapitiCore/attack/cms/mod_joomla_enum.py
@@ -20,7 +20,7 @@ class ModuleJoomlaEnum(CommonCMS):
 
     async def check_joomla(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:

diff --git a/wapitiCore/attack/cms/mod_prestashop_enum.py b/wapitiCore/attack/cms/mod_prestashop_enum.py
@@ -21,7 +21,7 @@ class ModulePrestashopEnum(CommonCMS):
 
     async def check_prestashop(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:

diff --git a/wapitiCore/attack/cms/mod_spip_enum.py b/wapitiCore/attack/cms/mod_spip_enum.py
@@ -22,7 +22,7 @@ class ModuleSpipEnum(CommonCMS):
 
     async def check_spip(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:

diff --git a/wapitiCore/attack/cms/mod_wp_enum.py b/wapitiCore/attack/cms/mod_wp_enum.py
@@ -2,6 +2,8 @@
 import re
 from os.path import join as path_join
 from typing import Optional
+from urllib.parse import urljoin
+
 from httpx import RequestError
 
 from wapitiCore.net import Request
@@ -30,7 +32,7 @@ async def check_wp(self, url):
             "generator\" content=\"wordpress",  # Check for the generator meta tag
             "wp-embed-responsive",  # Check for WordPress oEmbed script
         ]
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:
@@ -69,8 +71,13 @@ async def detect_plugin(self, url):
         for plugin in self.get_plugin():
             if self._stop_event.is_set():
                 break
-
-            request = Request(f'{url}/wp-content/plugins/{plugin}/readme.txt', 'GET')
+            plugin_path = f'/wp-content/plugins/{plugin}/readme.txt'
+            plugin_url = urljoin(url, plugin_path)
+            if plugin in ["wp-reset", "bbpress", "unyson"]:
+                print("===========================================================================")
+                print(plugin_url)
+                print("===========================================================================")
+            request = Request(plugin_url, 'GET')
             response = await self.crawler.async_send(request)
 
             if response.is_success:
@@ -128,7 +135,9 @@ async def detect_theme(self, url):
             if self._stop_event.is_set():
                 break
 
-            request = Request(f'{url}/wp-content/themes/{theme}/readme.txt', 'GET')
+            theme_path = f'/wp-content/themes/{theme}/readme.txt'
+            theme_url = urljoin(url, theme_path)
+            request = Request(theme_url, 'GET')
             response = await self.crawler.async_send(request)
 
             if response.is_success:

diff --git a/wapitiCore/attack/mod_cms.py b/wapitiCore/attack/mod_cms.py
@@ -1,6 +1,7 @@
 from asyncio import Event
 
 from typing import Optional
+from urllib.parse import urlparse
 
 from wapitiCore.attack.cms.mod_drupal_enum import ModuleDrupalEnum
 from wapitiCore.attack.cms.mod_joomla_enum import ModuleJoomlaEnum
@@ -16,6 +17,13 @@
 MSG_TECHNO_VERSIONED = "{0} {1} detected"
 
 
+def get_root_url(url):
+    parsed_url = urlparse(url)
+    # Reconstruct the root URL without the path
+    root_url = parsed_url.scheme + '://' + parsed_url.netloc + '/'
+    return root_url
+
+
 class ModuleCms(Attack):
     """Base class for detecting version."""
     name = "cms"
@@ -33,7 +41,8 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
-        request_to_root = Request(request.url)
+        root_url = get_root_url(request.url)
+        request_to_root = Request(root_url)
         cms_list = self.cms.split(',')
 
         if "drupal" in cms_list: