garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improves Password Attack against wp-login.php to avoid FP

Browse Source
This commit is contained in:
erwanlr
2019-03-14 19:21:39 +00:00
parent e7925de5bc
commit 4f9822743c
3 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/finders/passwords/wp_login.rb
View File

@@ -10,7 +10,8 @@ module WPScan
end
def valid_credentials?(response)
response.code == 302
response.code == 302 &&
response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
end
def errored_response?(response)