Merge pull request #1787 from 0n1shi/fix/db-exports-not-detected

Fixed #1759
wpscanteam · Oct 14, 2023 · bce3b48 · bce3b48
2 parents a423b15 + 2c1eb27
commit bce3b48
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/app/finders/db_exports/known_locations.rb b/app/finders/db_exports/known_locations.rb
@@ -7,6 +7,10 @@ module DbExports
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        def valid_response_codes
+          @valid_response_codes ||= [200, 206].freeze
+        end
+
         SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
 
         # @param [ Hash ] opts
@@ -17,7 +21,7 @@ class KnownLocations < CMSScanner::Finders::Finder
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
             if res.effective_url.end_with?('.zip')
               next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
             else