From 2e4a622cec420d187f05511ac03eae0320d4a189 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Mon, 24 Sep 2012 20:46:26 +0200
Subject: [PATCH] -) Check if userregistration is enabled -) Check if blog is a multisite
---
lib/wpscan/wp_target.rb | 26 +++++++++++++++++++--
spec/lib/wpscan/wp_target_spec.rb | 39 +++++++++++++++++++++++++++++++
wpscan.rb | 12 ++++++++--
3 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index b5c1e474..17a2612d 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -137,11 +137,33 @@ class WpTarget
 # Should check wp-login.php if registration is enabled or not
 def registration_enabled?
- # TODO
+ resp = Browser.instance.get(registration_url)
+ if resp.code == 302 and resp.headers_hash["location"] =~ /wp-login\.php\?registration=disabled/
+ enabled = false
+ else
+ enabled = true
+ end
+ enabled
 end
 def registration_url
- # TODO
+ @uri.merge("wp-login.php?action=register")
 end
+ def is_multisite?
+ # when multisite, there is no redirection or a redirect to the site itself
+ # otherwise redirect to wp-login.php
+ url = @uri.merge("wp-signup.php")
+ resp = Browser.instance.get(url)
+ if resp.code == 302 and resp.headers_hash["location"] =~ /wp-login\.php\?action=register/
+ multisite = false
+ elsif resp.code == 302 and resp.headers_hash["location"] =~ /wp-signup\.php/
+ multisite = true
+ elsif resp.code == 200
+ multisite = true
+ else
+ multisite = false
+ end
+ multisite
+ end
 end
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index a4a9344c..691bcf44 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
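Review bot: In lib/wpscan/wp_target.rb, `registration_enabled?` falls through to `enabled = true` for every response except the 302 to `wp-login.php?registration=disabled`, so a 404, 403, 5xx or a failed request is reported as open registration. A guard ahead of the `if`, for example `return false unless [200, 302].include?(resp.code)`, keeps error responses from turning into findings. `is_multisite?` leans the other way: any 200 on `wp-signup.php` counts as multisite, which a host that answers 200 for unknown paths would presumably also satisfy, so the result is best treated as a hint. Both methods could return the condition directly instead of assigning a local in every branch, with `&&` in place of `and`. The enclosing `class WpTarget` starts outside the hunk.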
@@ -244,4 +244,43 @@ describe WpTarget do
 @wp_target.search_replace_db_2_exists?.should be_false
 end
 end
+
+ describe "#registration_url" do
+ it "should return the correct url" do
+ @wp_target.registration_url.to_s.should == "http://example.localhost/wp-login.php?action=register"
+ end
+ end
+
+ describe "#registration_enabled?" do
+ it "should return false" do
+ stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 302, :headers => { "Location" => "wp-login.php?registration=disabled" })
+ @wp_target.registration_enabled?.should be_false
+ end
+
+ it "should return true" do
+ stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 200)
+ @wp_target.registration_enabled?.should be_true
+ end
+ end
+
+ describe "#is_multisite?" do
+ before :each do
+ @url = @wp_target.uri.merge("wp-signup.php").to_s
+ end
+
+ it "should return false" do
+ stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
+ @wp_target.is_multisite?.should be_false
+ end
+
+ it "should return true" do
+ stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "http://example.localhost/wp-signup.php" })
+ @wp_target.is_multisite?.should be_true
+ end
+
+ it "should return true" do
+ stub_request(:any, @url).to_return(:status => 200)
+ @wp_target.is_multisite?.should be_true
+ end
+ end
 end
diff --git a/wpscan.rb b/wpscan.rb
index 985acc66..39f30e76 100755
--- a/wpscan.rb
+++ b/wpscan.rb
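Review bot: Neither `#registration_enabled?` nor `#is_multisite?` has an example for an error status, although that is exactly the case each method's final `else` branch decides. One more example per method, stubbing `to_return(:status => 404)` and asserting the intended result, would pin that behaviour. The last two examples under `#is_multisite?` are both named `it "should return true"`, so a failure report cannot tell the redirect case from the 200 case; names such as `it "should return true on a redirect to wp-signup.php"` would. The enclosing `describe WpTarget do` block starts outside the hunk.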
@@ -101,11 +101,11 @@ begin wp_theme = wp_target.theme if wp_theme # Theme version is handled in wp_item.to_s - puts green("[!]") + " The WordPress theme in use is #{wp_theme}" + puts green("[+]") + " The WordPress theme in use is #{wp_theme}" theme_vulnerabilities = wp_theme.vulnerabilities unless theme_vulnerabilities.empty? - puts red("[+]") + " We have identified #{theme_vulnerabilities.size} vulnerabilities for this theme :" + puts red("[!]") + " We have identified #{theme_vulnerabilities.size} vulnerabilities for this theme :" theme_vulnerabilities.each do |vulnerability| puts puts " | " + red("* Title: #{vulnerability.title}") @@ -135,6 +135,14 @@ begin puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'") end + if wp_target.is_multisite? + puts green("[+]") + " This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)" + end + + if wp_target.registration_enabled? + puts green("[+]") + " Userregistration is enabled" + end + if wp_target.has_malwares? malwares = wp_target.malwares puts red("[!]") + " #{malwares.size} malware(s) found :"
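Review bot: In the second wpscan.rb hunk, `puts green("[+]") + " Userregistration is enabled"` states the result as a fact, while the multisite line just above it says "seems to be" and the searchreplacedb2 line prints the URL it checked. Both checks rest on a single response, so matching wording such as `puts green("[+]") + " User registration seems to be enabled: #{wp_target.registration_url}"` would be more accurate and lets the reader verify the finding. Both new `if` blocks sit inside a `begin` block that opens outside the hunk.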