Class: WPScan::Finders::Passwords::WpLogin

Inherits:

CMSScanner::Finders::Finder

Object
CMSScanner::Finders::Finder
WPScan::Finders::Passwords::WpLogin

show all

Includes:: CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack

Defined in:: app/finders/passwords/wp_login.rb

Overview

Password attack against the wp-login.php

Instance Method Summary collapse

Instance Method Details

#errored_response?(response) ⇒ `Boolean`

Returns:

(Boolean)



19
20
21

# File 'app/finders/passwords/wp_login.rb', line 19

def errored_response?(response)
  response.code != 200 && response.body !~ /login_error/i
end

#login_request(username, password) ⇒ `Object`



10
11
12

# File 'app/finders/passwords/wp_login.rb', line 10

def login_request(username, password)
  target.login_request(username, password)
end

#valid_credentials?(response) ⇒ `Boolean`

Returns:

(Boolean)

# File 'app/finders/passwords/wp_login.rb', line 14

def valid_credentials?(response)
  response.code == 302 &&
    [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
end

Class: WPScan::Finders::Passwords::WpLogin

Overview

Instance Method Summary collapse

Instance Method Details

#errored_response?(response) ⇒ Boolean

#login_request(username, password) ⇒ Object

#valid_credentials?(response) ⇒ Boolean

#errored_response?(response) ⇒ `Boolean`

#login_request(username, password) ⇒ `Object`

#valid_credentials?(response) ⇒ `Boolean`