Class: WPScan::Finders::Passwords::XMLRPC

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Passwords::XMLRPC

Includes:

CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

Defined in:

app/finders/passwords/xml_rpc.rb

Overview

Password attack against the XMLRPC interface

Instance Method Summary

• #errored_response?(response) ⇒ Boolean
• #login_request(username, password) ⇒ Object
• #valid_credentials?(response) ⇒ Boolean

Instance Method Details

#errored_response?(response) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/finders/passwords/xml_rpc.rb', line 18

def errored_response?(response)
  response.code != 200 && response.body !~ /Incorrect username or password/i
end

#login_request(username, password) ⇒ Object

# File 'app/finders/passwords/xml_rpc.rb', line 10

def login_request(username, password)
  target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
end

#valid_credentials?(response) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/finders/passwords/xml_rpc.rb', line 14

def valid_credentials?(response)
  response.code == 200 && response.body.include?('blogName')
end