Module: WpTarget::WpRegistrable

Included in:
WpTarget
Defined in:
lib/wpscan/wp_target/wp_registrable.rb

Instance Method Summary

Instance Method Details

#multisite? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/wpscan/wp_target/wp_registrable.rb', line 33

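# Reports whether the target looks like a WordPress multisite install.
#
# Requests wp-signup.php once and classifies the response:
# * 302 whose Location contains "wp-login.php?action=register" -> single site
# * 302 whose Location contains "wp-signup.php"                -> multisite
# * 200                                                         -> multisite
# * anything else                                               -> single site
#
# The answer is stored in @multisite and reused on later calls.
#
# NOTE(review): both Location tests are unanchored substring matches, so they
# do not confirm that the redirect stays on the target host. A redirect to any
# URL containing one of these paths is classified the same way; treat the
# result as a heuristic rather than proof.
#
# @return [Boolean]
def multisite?
  # Test for nil, not truthiness: a cached `false` is a valid answer and must
  # not cause wp-signup.php to be requested again on every call.
  return @multisite unless @multisite.nil?

  resp = Browser.get(@uri.merge('wp-signup.php').to_s)

  @multisite =
    case resp.code
    when 302
      # A missing Location header (nil) matches neither pattern.
      location = resp.headers_hash['location']

      if location =~ /wp-login\.php\?action=register/
        false
      elsif location =~ /wp-signup\.php/
        true
      else
        false
      end
    when 200
      # No redirect at all: wp-signup.php is served directly.
      true
    else
      false
    end
end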

#registration_enabled? ⇒ Boolean

Checks whether user registration is enabled by requesting the registration URL (wp-login.php?action=register, or wp-signup.php on a multisite install).

Returns:

  • (Boolean)

# File 'lib/wpscan/wp_target/wp_registrable.rb', line 9

# Fetches the registration URL and reports whether a registration form is
# served there.
#
# Returns true only when the response is a 200 whose body contains either the
# multisite signup form (id="setupform") or the standard registration form
# (id="registerform"). Every other response, including any 302, yields false.
#
# NOTE(review): the form checks match specific attribute order and quoting.
# A site whose registration form markup differs from these patterns is
# reported as "disabled" even though registration may be open, so a false
# result is not proof that registration is closed.
#
# @return [Boolean]
def registration_enabled?
  response = Browser.get(registration_url)
  status = response.code

  # Single-site installs redirect here when registration is switched off.
  return false if status == 302 && response.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i
  # Anything that is not a served page counts as disabled.
  return false unless status == 200

  form_patterns = [
    # multisite signup form
    /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/i,
    # standard registration form
    /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/i
  ]

  form_patterns.any? { |pattern| response.body =~ pattern }
end

#registration_url ⇒ String

Returns the registration URL.

Returns:

  • (String)

    The registration URL


# File 'lib/wpscan/wp_target/wp_registrable.rb', line 28

# Builds the absolute URL of the page that serves the registration form:
# wp-signup.php when multisite? is true, wp-login.php?action=register otherwise.
# The path is resolved relative to @uri.
#
# @return [String] the registration URL
def registration_url
  endpoint = if multisite?
               'wp-signup.php'
             else
               'wp-login.php?action=register'
             end

  @uri.merge(endpoint).to_s
end