Fixes #1307

2019-03-10 07:11:48 +00:00
parent 01c5bcf2be
commit 26c6be7268
4 changed files with 50 additions and 13 deletions
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -65,8 +65,12 @@ module WPScan
        when :wp_login
          WPScan::Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
+          raise XMLRPCNotDetected unless xmlrpc
+
          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
+          raise XMLRPCNotDetected unless xmlrpc
+
          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
        end
      end
--- a/lib/wpscan/errors.rb
+++ b/lib/wpscan/errors.rb
@@ -6,3 +6,4 @@ end
 require_relative 'errors/http'
 require_relative 'errors/update'
 require_relative 'errors/wordpress'
+require_relative 'errors/xmlrpc'
--- a/lib/wpscan/errors/xmlrpc.rb
+++ b/lib/wpscan/errors/xmlrpc.rb
@@ -0,0 +1,8 @@
+module WPScan
+  # XML-RPC Not Detected
+  class XMLRPCNotDetected < Error
+    def to_s
+      'The XML-RPC Interface was not detected.'
+    end
+  end
+end
--- a/spec/app/controllers/password_attack_spec.rb
+++ b/spec/app/controllers/password_attack_spec.rb
@@ -66,25 +66,49 @@ describe WPScan::Controller::PasswordAttack do
      end

      context 'when xmlrpc' do
-        before do
-          expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
-        end
+        context 'when xmlrpc not detected on target' do
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(nil)
+          end

-        context 'when single xmlrpc' do
-          let(:attack) { 'xmlrpc' }
+          context 'when single xmlrpc' do
+            let(:attack) { 'xmlrpc' }

-          it 'returns the correct object' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
          end
        end

-        context 'when xmlrpc-multicall' do
-          let(:attack) { 'xmlrpc-multicall' }
+        context 'when xmlrpc detected on target' do
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
+          end

-          it 'returns the correct object' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+          context 'when single xmlrpc' do
+            let(:attack) { 'xmlrpc' }
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
          end
        end
      end