Sha256: 7e6b5efe0a52fbf6b847660fe1a5057364872b67f54ba398e4df6bdf7b9a1fb1

Contents?: true

Size: 652 Bytes

Versions: 11

Compression:

Stored size: 652 Bytes

Contents

# frozen_string_literal: true

module WPScan
  module Finders
    module Passwords
      # Password attack against the XMLRPC interface
      class XMLRPC < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        def login_request(username, password)
          target.method_call('wp.getUsersBlogs', [username, password])
        end

        def valid_credentials?(response)
          response.code == 200 && response.body =~ /blogName/
        end

        def errored_response?(response)
          response.code != 200 && response.body !~ /login_error/i
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
wpscan-3.7.0 app/finders/passwords/xml_rpc.rb
wpscan-3.6.3 app/finders/passwords/xml_rpc.rb
wpscan-3.6.2 app/finders/passwords/xml_rpc.rb
wpscan-3.6.1 app/finders/passwords/xml_rpc.rb
wpscan-3.6.0 app/finders/passwords/xml_rpc.rb
wpscan-3.5.5 app/finders/passwords/xml_rpc.rb
wpscan-3.5.4 app/finders/passwords/xml_rpc.rb
wpscan-3.5.3 app/finders/passwords/xml_rpc.rb
wpscan-3.5.2 app/finders/passwords/xml_rpc.rb
wpscan-3.5.1 app/finders/passwords/xml_rpc.rb
wpscan-3.5.0 app/finders/passwords/xml_rpc.rb