Fixes #1554

2020-10-28 10:10:57 +01:00
parent c4030d8267
commit 611d3dfd4d
4 changed files with 20 additions and 4 deletions
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -19,7 +19,8 @@ module WPScan
          OptChoice.new(['--password-attack ATTACK',
                         'Force the supplied attack to be used rather than automatically determining one.'],
                        choices: %w[wp-login xmlrpc xmlrpc-multicall],
-                        normalize: %i[downcase underscore to_sym])
+                        normalize: %i[downcase underscore to_sym]),
+          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
        ]
      end

--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -139,11 +139,14 @@ module WPScan
        # the first time the method is called, and the effective_url is then used
        # if suitable, otherwise the default wp-login will be.
        #
+        # If the login_uri CLI option has been provided, it will be returne w/o redirection check.
+        #
        # @return [ String, false ] The URL to the login page or false if not detected
        def login_url
          return @login_url unless @login_url.nil?
+          return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri

-          @login_url = url('wp-login.php') # TODO: url(ParsedCli.login_uri)
+          @login_url = url('wp-login.php')

          res = Browser.get_and_follow_location(@login_url)

--- a/spec/app/controllers/password_attack_spec.rb
+++ b/spec/app/controllers/password_attack_spec.rb
@@ -34,7 +34,7 @@ describe WPScan::Controller::PasswordAttack do

    it 'contains to correct options' do
      expect(controller.cli_options.map(&:to_sym))
-        .to eq(%i[passwords usernames multicall_max_passwords password_attack])
+        .to eq(%i[passwords usernames multicall_max_passwords password_attack login_uri])
    end
  end

--- a/spec/shared_examples/target/platform/wordpress.rb
+++ b/spec/shared_examples/target/platform/wordpress.rb
@@ -238,7 +238,19 @@ shared_examples WPScan::Target::Platform::WordPress do
  end

  describe '#login_url' do
-    before { allow(target).to receive(:sub_dir) }
+    before do
+      allow(target).to receive(:sub_dir)
+
+      WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+    end
+
+    let(:cli_args) { '--url https://ex.lo' }
+
+    context 'when login_uri CLI option set' do
+      let(:cli_args) { "#{super()} --login_uri other-login.php" }
+
+      its(:login_url) { should eql target.url('other-login.php') }
+    end

    context 'when returning a 200' do
      before { stub_request(:get, target.url('wp-login.php')).to_return(status: 200) }