Contents

module WPScan
  module Finders
    module Passwords
      # Password attack against the XMLRPC interface
      class XMLRPC < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        def login_request(username, password)
          target.method_call('wp.getUsersBlogs', [username, password])
        end

        def valid_credentials?(response)
          response.code == 200 && response.body =~ /blogName/
        end

        def errored_response?(response)
          response.code != 200 && response.body !~ /login_error/i
        end
      end
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version	Path
wpscan-3.4.5	app/finders/passwords/xml_rpc.rb
wpscan-3.4.4	app/finders/passwords/xml_rpc.rb
wpscan-3.4.3	app/finders/passwords/xml_rpc.rb
wpscan-3.4.2	app/finders/passwords/xml_rpc.rb
wpscan-3.4.1	app/finders/passwords/xml_rpc.rb
wpscan-3.4.0	app/finders/passwords/xml_rpc.rb
wpscan-3.3.3	app/finders/passwords/xml_rpc.rb
wpscan-3.3.2	app/finders/passwords/xml_rpc.rb
wpscan-3.3.1	app/finders/passwords/xml_rpc.rb
wpscan-3.3.0	app/finders/passwords/xml_rpc.rb