Sha256: 3211f8456ba51bceac0b98036b52419d020e885a2f81ee95edb0cdd779b5178e

Contents?: true

Size: 692 Bytes

Versions: 25

Compression:

Stored size: 692 Bytes

Contents

# frozen_string_literal: true

module WPScan
  module Finders
    module Passwords
      # Password finder that submits each username/password guess through the
      # target's XML-RPC interface.
      #
      # The attack loop is not defined in this file; it comes from the included
      # BreadthFirstDictionaryAttack module, which presumably drives the three
      # hook methods below (confirm against CMSScanner).
      #
      # Each guess is issued as its own `wp.getUsersBlogs` call, so on the
      # receiving side a burst of such calls with varying credentials is the
      # footprint to rate-limit or alert on.
      class XMLRPC < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        # Builds the XML-RPC call for a single credential guess.
        #
        # @param username the account name to try (presumably a String)
        # @param password the candidate password (presumably a String)
        # @return whatever target.method_call returns; its type is not visible here
        def login_request(username, password)
          credentials = [username, password]

          # cache_ttl: 0 presumably keeps the response out of the request cache so
          # every guess is actually sent; confirm against target.method_call.
          target.method_call('wp.getUsersBlogs', credentials, cache_ttl: 0)
        end

        # Decides whether a response indicates a successful login.
        #
        # @param response an object responding to #code and #body
        # @return [Boolean] true only for a 200 response whose body contains 'blogName'
        def valid_credentials?(response)
          return false unless response.code == 200

          response.body.include?('blogName')
        end

        # Decides whether a response should be treated as an error rather than
        # as a failed guess.
        #
        # A non-200 response that carries the "Incorrect username or password"
        # message (matched case-insensitively) is not counted as an error.
        #
        # @param response an object responding to #code and #body
        # @return [Boolean] true for a non-200 response without that message
        def errored_response?(response)
          return false if response.code == 200

          response.body !~ /Incorrect username or password/i
        end
      end
    end
  end
end

Version data entries

25 entries across 25 versions & 1 rubygems

Version Path
wpscan-3.8.28 app/finders/passwords/xml_rpc.rb
wpscan-3.8.27 app/finders/passwords/xml_rpc.rb
wpscan-3.8.26 app/finders/passwords/xml_rpc.rb
wpscan-3.8.25 app/finders/passwords/xml_rpc.rb
wpscan-3.8.24 app/finders/passwords/xml_rpc.rb
wpscan-3.8.22 app/finders/passwords/xml_rpc.rb
wpscan-3.8.21 app/finders/passwords/xml_rpc.rb
wpscan-3.8.20 app/finders/passwords/xml_rpc.rb
wpscan-3.8.19 app/finders/passwords/xml_rpc.rb
wpscan-3.8.18 app/finders/passwords/xml_rpc.rb
wpscan-3.8.17 app/finders/passwords/xml_rpc.rb
wpscan-3.8.16 app/finders/passwords/xml_rpc.rb
wpscan-3.8.15 app/finders/passwords/xml_rpc.rb
wpscan-3.8.14 app/finders/passwords/xml_rpc.rb
wpscan-3.8.13 app/finders/passwords/xml_rpc.rb
wpscan-3.8.12 app/finders/passwords/xml_rpc.rb
wpscan-3.8.11 app/finders/passwords/xml_rpc.rb
wpscan-3.8.10 app/finders/passwords/xml_rpc.rb
wpscan-3.8.9 app/finders/passwords/xml_rpc.rb
wpscan-3.8.8 app/finders/passwords/xml_rpc.rb