app/controllers/password_attack.rb in wpscan-3.5.4 vs app/controllers/password_attack.rb in wpscan-3.5.5
- old
+ new
@@ -63,33 +63,46 @@
def attacker_from_cli_options
return unless ParsedCli.password_attack
case ParsedCli.password_attack
when :wp_login
- WPScan::Finders::Passwords::WpLogin.new(target)
+ Finders::Passwords::WpLogin.new(target)
when :xmlrpc
raise Error::XMLRPCNotDetected unless xmlrpc
- WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+ Finders::Passwords::XMLRPC.new(xmlrpc)
when :xmlrpc_multicall
raise Error::XMLRPCNotDetected unless xmlrpc
- WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+ Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
end
end
+ # @return [ Boolean ]
+ def xmlrpc_get_users_blogs_enabled?
+ if xmlrpc&.enabled? &&
+ xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
+ xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
+ .run.body !~ /XML\-RPC services are disabled/
+
+ true
+ else
+ false
+ end
+ end
+
# @return [ CMSScanner::Finders::Finder ]
def attacker_from_automatic_detection
- if xmlrpc&.enabled? && xmlrpc.available_methods.include?('wp.getUsersBlogs')
+ if xmlrpc_get_users_blogs_enabled?
wp_version = target.wp_version
if wp_version && wp_version < '4.4'
- WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+ Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
else
- WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+ Finders::Passwords::XMLRPC.new(xmlrpc)
end
else
- WPScan::Finders::Passwords::WpLogin.new(target)
+ Finders::Passwords::WpLogin.new(target)
end
end
# @return [ Array<Users> ] The users to brute force
def users
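Review bot: In `xmlrpc_get_users_blogs_enabled?` the last condition is a negative match on the response body, so an empty body from a timeout, a blocked request or an unrelated error page also counts as "enabled". The XML-RPC finder is then selected on a site where it cannot work, which makes the scan results unreliable. Keep the response in a local and require a successful reply before the text check, e.g. `res.code == 200 && res.body !~ /XML-RPC services are disabled/`, assuming the object returned by `.run` exposes `code` alongside `body`. The predicate also sends a live request with random credentials on every call, which deserves a comment above it such as `# Sends one wp.getUsersBlogs call with random credentials; some sites list the method but answer every call with "XML-RPC services are disabled"`. `SecureRandom` is not required in the visible lines, so confirm that `securerandom` is loaded elsewhere.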