Detect XML Pingback URL

2012-12-13 11:41:08 +01:00
parent 19bcc9263c
commit 4d852b5983
2 changed files with 21 additions and 0 deletions
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -178,4 +178,21 @@ class WpTarget
    end
    @multisite
  end
+
+  def xml_rpc_url
+    unless @xmlrpc_url
+      headers = Browser.instance.get(@uri).headers_hash
+      value = headers["x-pingback"]
+      if value.nil? or value.empty?
+        @xmlrpc_url = "nope"
+      else
+        @xmlrpc_url = value
+      end
+    end
+    @xmlrpc_url
+  end
+
+  def xml_rpc_enabled
+    xml_rpc_url != "nope"
+  end
 end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -144,6 +144,10 @@ begin
    puts green("[+]") + " User registration is enabled"
  end

+  if wp_target.xml_rpc_enabled
+    puts green("[+]") + " XML-RPC Interface available under #{wp_target.xml_rpc_url}"
+  end
+
  if wp_target.has_malwares?
    malwares = wp_target.malwares
    puts red("[!]") + " #{malwares.size} malware(s) found :"