Module: Msf::Exploit::Remote::HTTP::Wordpress::Base

Included in:: Msf::Exploit::Remote::HTTP::Wordpress

Defined in:: lib/msf/core/exploit/remote/http/wordpress/base.rb

Instance Method Summary collapse

#wordpress_and_online? ⇒ Rex::Proto::Http::Response^?

Checks if the site is online and running wordpress.

Instance Method Details

#wordpress_and_online? ⇒ `Rex::Proto::Http::Response`^?

Checks if the site is online and running wordpress

Returns:

(Rex::Proto::Http::Response, nil) —

Returns the HTTP response if the site is online and running wordpress, nil otherwise

# File 'lib/msf/core/exploit/remote/http/wordpress/base.rb', line 7

def wordpress_and_online?
  unless datastore['WPCHECK']
    vprint_status 'Skipping WordPress check...'
    return true
  end

  wordpress_detect_regexes = [
      /["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i,
      /<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i,
      /<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
  ]

  res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path)
  )

  # handle one redirect
  if res && res.redirect? && res.redirection
    res = send_request_cgi(
    'method' => 'GET',
    'uri' => path_from_uri(res.redirection)
    )
  end

  return res if res && res.code == 200 && res.body && wordpress_detect_regexes.any? { |r| res.body =~ r }
  return nil
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
  print_error("Error connecting to #{target_uri}: #{e}")
  return nil
end

Module: Msf::Exploit::Remote::HTTP::Wordpress::Base

Instance Method Summary collapse

Instance Method Details

#wordpress_and_online? ⇒ Rex::Proto::Http::Response?

#wordpress_and_online? ⇒ `Rex::Proto::Http::Response`^?