Re: [Enhancement+Bug] Latest theme checking support for http-wordpress-enum

[Daniel Miller <bonsaiviking () gmail com>]

On Tue, Feb 10, 2015 at 4:10 PM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

> Hi,
>
> Recently http-wordpress-plugins was merged with http-wordpress-themes and
> a few other features were added.[1]
>
> I have added latest version checking  for themes. Currently for clarity I
> have kept it as a separate function(get_latest_theme_version)  which can
> easily be combined with the function that returns the latest plugin
> version. Every theme seems to have the theme version stored here :
>
> https://wordpress.org/themes/rss/topic/<themename>
>
>
> In the <description> there is  an <img> that has the latest version in
>  src attribute. I am essentially fetching the latest version of the theme
> from there. As its rss its fast to fetch. I have attached the modified
> http-wordpress-enum file.
>
> After I was done with the script I tried running it. That is when I
> noticed a bug. It seems that if  the search limit is X the script shows top
> X themes/plugins in wp-themes.lst/wp-plugins.lst even if they aren't being
>  used on the target. Could someone please confirm this? Its probably a
> small error, will work on it tomorrow.
Gyanendra,

I just pushed a fix to address a couple global variables that may have
affected this bug. If you haven't seen our Code Standards wiki page [1],
I'd recommend using some of the automatic tools available there to check
for potential problems.

Dan

[1]  https://secwiki.org/w/Nmap/Code_Standards

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/