GitHub Repository: wpscanteam/wpscan
Path: blob/master/app/finders/passwords/xml_rpc.rb
# frozen_string_literal: true
module WPScan
  module Finders
    module Passwords
      # Dictionary-based credential check carried out through the XML-RPC
      # interface of the target.
      #
      # The class only supplies three hooks: how to send one attempt and how to
      # classify the reply. The iteration over users and passwords is not in
      # this file; presumably the included BreadthFirstDictionaryAttack mixin
      # drives it and calls these hooks (confirm against CMSScanner).
      #
      # For detection and rate limiting: every attempt built here is a
      # 'wp.getUsersBlogs' call carrying a username/password pair, so a run of
      # such calls with varying credentials is the request pattern to look for.
      class XMLRPC < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

        # Issues a single authentication attempt.
        #
        # @param username login name to try
        # @param password candidate password for that login
        # @return the value returned by target.method_call (the reply that
        #   the two predicates below inspect, presumably - confirm)
        def login_request(username, password)
          credentials = [username, password]

          # cache_ttl: 0 is passed on every attempt; presumably this keeps the
          # reply from being served out of the scanner's cache - TODO confirm.
          target.method_call('wp.getUsersBlogs', credentials, cache_ttl: 0)
        end

        # Tells whether the reply shows that the credentials were accepted.
        #
        # NOTE(review): acceptance is a plain substring test, so any 200 body
        # that contains 'blogName' for another reason is counted as a valid
        # login; results are worth confirming before they are reported.
        #
        # @param response reply object exposing #code and #body
        # @return [Boolean] true only for a 200 reply whose body contains
        #   'blogName'
        def valid_credentials?(response)
          return false unless response.code == 200

          response.body.include?('blogName')
        end

        # Tells whether the reply is an error rather than a rejected login.
        #
        # A 200 reply is never an error here. A non-200 reply is an error
        # unless its body carries the 'Incorrect username or password'
        # message (matched case-insensitively).
        #
        # @param response reply object exposing #code and #body
        # @return [Boolean]
        def errored_response?(response)
          return false if response.code == 200

          response.body !~ /Incorrect username or password/i
        end
      end
    end
  end
end