Class: WPScan::Finders::Passwords::WpLogin

Inherits:
CMSScanner::Finders::Finder
  • Object
show all
Includes:
CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
Defined in:
app/finders/passwords/wp_login.rb

Overview

Password attack against the wp-login.php

Instance Method Summary collapse

Instance Method Details

#errored_response?(response) ⇒ Boolean

Returns:

  • (Boolean)


19
20
21
# File 'app/finders/passwords/wp_login.rb', line 19

def errored_response?(response)
  response.code != 200 && response.body !~ /login_error/i
end

#login_request(username, password) ⇒ Object



10
11
12
# File 'app/finders/passwords/wp_login.rb', line 10

def (username, password)
  target.(username, password)
end

#valid_credentials?(response) ⇒ Boolean

Returns:

  • (Boolean)


14
15
16
17
# File 'app/finders/passwords/wp_login.rb', line 14

def valid_credentials?(response)
  response.code == 302 &&
    Array(response.headers['Set-Cookie'])&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
end