RubygemsResearch

Sha256: 8b76ec4e38e812f8edd9f53c98c74c7500f40299c2d760d1d35aba9fee93789f

Contents?: true

Size: 697 Bytes

Versions: 9

Compression:

Stored size: 697 Bytes

# frozen_string_literal: true

module WPScan
  module Finders
    module Passwords
      # Password attack against the wp-login.php
      class WpLogin < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        def login_request(username, password)
          target.login_request(username, password)
        end

        def valid_credentials?(response)
          response.code == 302 &&
            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
        end

        def errored_response?(response)
          response.code != 200 && response.body !~ /login_error/i
        end
      end
    end
  end
end

Version data entries

9 entries across 9 versions & 1 rubygems

Version	Path
wpscan-3.6.2	app/finders/passwords/wp_login.rb
wpscan-3.6.1	app/finders/passwords/wp_login.rb
wpscan-3.6.0	app/finders/passwords/wp_login.rb
wpscan-3.5.5	app/finders/passwords/wp_login.rb
wpscan-3.5.4	app/finders/passwords/wp_login.rb
wpscan-3.5.3	app/finders/passwords/wp_login.rb
wpscan-3.5.2	app/finders/passwords/wp_login.rb
wpscan-3.5.1	app/finders/passwords/wp_login.rb
wpscan-3.5.0	app/finders/passwords/wp_login.rb