From a465c999f11393b5190c9d7532da73fd8daca4dd Mon Sep 17 00:00:00 2001
From: devloop
Date: Sun, 8 Oct 2023 09:42:53 +0200
Subject: [PATCH] fix wp version detection when root.findtext returns None

---
 wapitiCore/attack/mod_wp_enum.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wapitiCore/attack/mod_wp_enum.py b/wapitiCore/attack/mod_wp_enum.py
index 08ee31e87..1da299b11 100644
--- a/wapitiCore/attack/mod_wp_enum.py
+++ b/wapitiCore/attack/mod_wp_enum.py
@@ -64,13 +64,19 @@ async def detect_version(self, url: str):
 if root is None:
 continue
+
 try:
 generator_text = root.findtext('./channel/generator')
 except xml.etree.ElementTree.ParseError:
 continue
+
+ if not generator_text:
+ continue
+
 version: Match = re.search(r"\Ahttps?:\/\/wordpress\.(?:[a-z]+)\/\?v=(.*)\Z", generator_text)
 if version is None:
 continue
+
 detected_version = version.group(1)
 break
@@ -171,6 +177,7 @@ async def detect_theme(self, url):
 request = Request(f'{url}/wp-content/themes/{theme}/readme.txt', 'GET')
 response = await self.crawler.async_send(request)
+
 if response.is_success:
 version = re.search(r'tag:\s*([\d.]+)', response.content)
 # This check was added to detect invalid format of "Readme.txt" who can cause a crashe
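Review bot: The capture group in the `re.search` call right after the new `if not generator_text` guard is still `(.*)`, so whatever the scanned site places after `?v=` in its feed's generator element becomes `detected_version` unchanged. That value is controlled by the target, and if it is later written to logs or the report (that code is outside this hunk) markup or control characters would pass straight through. Restricting the group to version-like characters, for example ending the pattern with `\/\?v=([\w.\-]+)\Z`, keeps the detection while rejecting anything else, in the same spirit as the `([\d.]+)` group used in detect_theme. The enclosing loop of detect_version starts and ends outside the hunk, so the effect on later iterations should be confirmed there.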