Fixes #1307

2019-03-10 07:11:48 +00:00
parent 01c5bcf2be
commit 26c6be7268
4 changed files with 50 additions and 13 deletions
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -65,8 +65,12 @@ module WPScan
        when :wp_login
          WPScan::Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
+          raise XMLRPCNotDetected unless xmlrpc
+
          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
+          raise XMLRPCNotDetected unless xmlrpc
+
          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
        end
      end
--- a/lib/wpscan/errors.rb
+++ b/lib/wpscan/errors.rb
@@ -6,3 +6,4 @@ end
 require_relative 'errors/http'
 require_relative 'errors/update'
 require_relative 'errors/wordpress'
+require_relative 'errors/xmlrpc'
--- a/lib/wpscan/errors/xmlrpc.rb
+++ b/lib/wpscan/errors/xmlrpc.rb
@@ -0,0 +1,8 @@
+module WPScan
+  # XML-RPC Not Detected
+  class XMLRPCNotDetected < Error
+    def to_s
+      'The XML-RPC Interface was not detected.'
+    end
+  end
+end
--- a/spec/app/controllers/password_attack_spec.rb
+++ b/spec/app/controllers/password_attack_spec.rb
@@ -66,6 +66,29 @@ describe WPScan::Controller::PasswordAttack do
      end

      context 'when xmlrpc' do
+        context 'when xmlrpc not detected on target' do
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(nil)
+          end
+
+          context 'when single xmlrpc' do
+            let(:attack) { 'xmlrpc' }
+
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
+          end
+        end
+
+        context 'when xmlrpc detected on target' do
          before do
            expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
          end
@@ -89,6 +112,7 @@ describe WPScan::Controller::PasswordAttack do
          end
        end
      end
+    end

    context 'when automatic detection' do
      before { expect(controller.target).to receive(:xmlrpc).and_return(xmlrpc) }