garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1522

Browse Source
This commit is contained in:
erwanlr
2020-07-20 13:15:54 +02:00
parent cba6e74b13
commit 4320d2436f
2 changed files with 41 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/password_attack.rb
View File

@@ -88,8 +88,8 @@ module WPScan
def xmlrpc_get_users_blogs_enabled?
if xmlrpc&.enabled? &&
xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
.run.body !~ /XML-RPC services are disabled/
!xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
.run.body.match?(/>\s*405\s*</)
true
else