Class: WPScan::Finders::Passwords::XMLRPC

Inherits:
CMSScanner::Finders::Finder
  • Object
Includes:
CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
Defined in:
app/finders/passwords/xml_rpc.rb

Overview

Password attack against the XMLRPC interface

Instance Method Details

#errored_response?(response) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/finders/passwords/xml_rpc.rb', line 18

def errored_response?(response)
  response.code != 200 && response.body !~ /Incorrect username or password/i
end

#login_request(username, password) ⇒ Object



# File 'app/finders/passwords/xml_rpc.rb', line 10

def login_request(username, password)
  target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
end

#valid_credentials?(response) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/finders/passwords/xml_rpc.rb', line 14

def valid_credentials?(response)
  response.code == 200 && response.body.include?('blogName')
end