Database exports not detected

[arall]

Subject of the issue

Database exports not detected.

Your environment

• Version of WPScan: 3.8.22
• Version of Ruby: 2.6.8p205
• Operating System (OS): macOS

Steps to reproduce

I've created a test environment with some mocked vulnerabilities to test.
Two database export exists in the website, located in the following paths:

• https://wordpress.vulnerable.arall.net/wp-content/uploads/dump.sql
• https://wordpress.vulnerable.arall.net/backups/wordpress.vulnerable.arall.zip

But when I run:

wpscan --url https://wordpress.vulnerable.arall.net --enumerate dbe

It only reports the last one:

[!] https://wordpress.vulnerable.arall.net/backups/wordpress.vulnerable.arall.zip
 | Found By: Direct Access (Aggressive Detection)

Expected behavior

WPScan should report both database exports.

Actual behavior

WPScan only reports one database export.

What have you already tried

I monitor the HTTP calls with a proxy, and both files are reached.

What I think the issue is that WPScan is sending a header with Range: bytes=0-3000, and expect a 200 response.
However, the server is responding with 206 Partial Content.

[erwanlr]

What I think the issue is that WPScan is sending a header with Range: bytes=0-3000, and expect a 200 response.
However, the server is responding with 206 Partial Content.

Yep, it appears to be because of this, thanks for the details!

Reminder for myself for the fix: override the valid_response_codes method to add the 206, then also change the check_full_response: 200 to check_full_response: [200 206] at https://github.com/wpscanteam/wpscan/blob/master/app/finders/db_exports/known_locations.rb#L20

[miguelxpn]

Reproduced the issue and verified that the fix works.