update wordpress readme regex

firefart · firefart · commit 056046f38b63 · 2015-01-01T23:13:20.000+01:00
diff --git a/lib/msf/http/wordpress/version.rb b/lib/msf/http/wordpress/version.rb
@@ -98,7 +98,7 @@ def check_version_from_readme(type, name, fixed_version, vuln_introduced_version
     # try to extract version from readme
     # Example line:
     # Stable tag: 2.6.6
-    version = res.body.to_s[/stable tag: ([^\r\n"\']+\.[^\r\n"\']+)/i, 1]
+    version = res.body.to_s[/(?:stable tag|version): (?!trunk)([0-9a-z.-]+)/i, 1]
 
     # readme present, but no version number
     return Msf::Exploit::CheckCode::Detected if version.nil?
diff --git a/spec/lib/msf/http/wordpress/version_spec.rb b/spec/lib/msf/http/wordpress/version_spec.rb
@@ -129,6 +129,13 @@
       it { expect(subject.send(:check_version_from_readme, :plugin, 'name', wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
     end
 
+    context 'when installed version is newer (text in version number)' do
+      let(:wp_code) { 200 }
+      let(:wp_fixed_version) { '1.5.3' }
+      let(:wp_body) { 'Stable tag: 2.0.0-beta1' }
+      it { expect(subject.send(:check_version_from_readme, :plugin, 'name', wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
+    end
+
   end
 
 end
