Sha256: 741975584d0f375d4f0445defd0059c675fbf880939d9e49ac3574e12358893d

Contents?: true

Size: 923 Bytes

Versions: 7

Compression:

Stored size: 923 Bytes

Contents

module WPScan
  module Finders
    module InterestingFindings
      # Checks whether the target looks like a WordPress multisite installation
      # by requesting wp-signup.php and reading the status code and, for
      # redirects, the Location header.
      #
      # NOTE(review): every 200 response is reported with confidence 100, and the
      # response body is never inspected. A target that answers unknown paths
      # with 200 (a "soft 404") would presumably be reported as multisite too,
      # so confirm the finding manually before relying on it.
      class Multisite < CMSScanner::Finders::Finder
        # Active check: sends one GET request to the target's wp-signup.php.
        #
        # Outcomes, by response:
        # * status other than 200/302                      -> nil
        # * 302 to wp-login.php?action=register            -> nil
        # * 302 whose Location does not name wp-signup.php -> nil
        # * 200, or 302 to wp-signup.php                   -> finding returned
        #
        # Side effect: sets target.multisite to true when a finding is returned.
        #
        # @param _opts [ Hash ] unused
        # @return [ WPScan::Multisite, nil ]
        def aggressive(_opts = {})
          signup_url = target.url('wp-signup.php')
          response   = Browser.get(signup_url)
          redirect   = response.headers_hash['location']
          status     = response.code

          case status
          when 200
            # A direct answer is accepted as-is; no further condition applies.
          when 302
            # A redirect to the login page's register action is not treated
            # as evidence of a multisite.
            return if redirect =~ /wp-login\.php\?action=register/
            # Any other redirect only counts when it points at wp-signup.php.
            return unless redirect =~ /wp-signup\.php/
          else
            return
          end

          target.multisite = true

          finding_opts = {
            confidence: 100,
            found_by: DIRECT_ACCESS,
            to_s: 'This site seems to be a multisite',
            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
          }

          WPScan::Multisite.new(signup_url, finding_opts)
        end
      end
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
wpscan-3.4.5 app/finders/interesting_findings/multisite.rb
wpscan-3.4.4 app/finders/interesting_findings/multisite.rb
wpscan-3.4.3 app/finders/interesting_findings/multisite.rb
wpscan-3.4.2 app/finders/interesting_findings/multisite.rb
wpscan-3.4.1 app/finders/interesting_findings/multisite.rb
wpscan-3.4.0 app/finders/interesting_findings/multisite.rb
wpscan-3.3.3 app/finders/interesting_findings/multisite.rb