From 611d3dfd4d2c1bd449bcb1397c8a552bd8fcbb3e Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Wed, 28 Oct 2020 10:10:57 +0100
Subject: [PATCH] Fixes #1554
---
 app/controllers/password_attack.rb | 3 ++-
 lib/wpscan/target/platform/wordpress.rb | 5 ++++-
 spec/app/controllers/password_attack_spec.rb | 2 +-
 spec/shared_examples/target/platform/wordpress.rb | 14 +++++++++++++-
 4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/app/controllers/password_attack.rb b/app/controllers/password_attack.rb
index cc478edc..b24f0c6a 100644
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -19,7 +19,8 @@ module WPScan
 OptChoice.new(['--password-attack ATTACK',
 'Force the supplied attack to be used rather than automatically determining one.'],
 choices: %w[wp-login xmlrpc xmlrpc-multicall],
- normalize: %i[downcase underscore to_sym])
+ normalize: %i[downcase underscore to_sym]),
+ OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
 ]
 end
 
diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
index ef9aeab1..ac62a7f7 100644
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -139,11 +139,14 @@ module WPScan
 # the first time the method is called, and the effective_url is then used
 # if suitable, otherwise the default wp-login will be.
 #
+ # If the login_uri CLI option has been provided, it will be returne w/o redirection check.
+ #
 # @return [ String, false ] The URL to the login page or false if not detected
 def login_url
 return @login_url unless @login_url.nil?
+ return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri
 
- @login_url = url('wp-login.php') # TODO: url(ParsedCli.login_uri)
+ @login_url = url('wp-login.php')
 
 res = Browser.get_and_follow_location(@login_url)
 
diff --git a/spec/app/controllers/password_attack_spec.rb b/spec/app/controllers/password_attack_spec.rb
index 98d1037b..88c16e19 100644
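Review bot: The new `OptString` for `--login-uri` accepts any string, and the wordpress.rb hunk returns `url(ParsedCli.login_uri)` from `login_url` with no redirect or scope check. `url` is not shown here; if it resolves an absolute URI as given, the login requests of a password attack would go to a host other than the one passed in `--url`, outside the scanned target. Consider rejecting values that do not resolve under the target (at option parsing or in `login_url`) and stating the expectation in the help text, e.g. `'The URI of the login page, relative to the target URL, if different from /wp-login.php'`. `cli_options` starts outside the hunk.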
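Review bot: The doc comment added above `login_url` has a typo (`returne`), and the unchanged `@return` line still promises `false if not detected`, which does not hold on the new early return: a user-supplied URI is returned even when no login page exists at that address. Suggested wording: `# If the login_uri CLI option has been provided, it is returned as-is, without any existence or redirection check.` The body of `login_url` continues outside the hunk, so how the default path handles redirects cannot be compared from here.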
--- a/spec/app/controllers/password_attack_spec.rb
+++ b/spec/app/controllers/password_attack_spec.rb
@@ -34,7 +34,7 @@ describe WPScan::Controller::PasswordAttack do
 
 it 'contains to correct options' do
 expect(controller.cli_options.map(&:to_sym))
- .to eq(%i[passwords usernames multicall_max_passwords password_attack])
+ .to eq(%i[passwords usernames multicall_max_passwords password_attack login_uri])
 end
 end
 
diff --git a/spec/shared_examples/target/platform/wordpress.rb b/spec/shared_examples/target/platform/wordpress.rb
index 9a57d670..6151a54b 100644
--- a/spec/shared_examples/target/platform/wordpress.rb
+++ b/spec/shared_examples/target/platform/wordpress.rb
@@ -238,7 +238,19 @@ shared_examples WPScan::Target::Platform::WordPress do
 end
 
 describe '#login_url' do
- before { allow(target).to receive(:sub_dir) }
+ before do
+ allow(target).to receive(:sub_dir)
+
+ WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+ end
+
+ let(:cli_args) { '--url https://ex.lo' }
+
+ context 'when login_uri CLI option set' do
+ let(:cli_args) { "#{super()} --login_uri other-login.php" }
+
+ its(:login_url) { should eql target.url('other-login.php') }
+ end
 
 context 'when returning a 200' do
 before { stub_request(:get, target.url('wp-login.php')).to_return(status: 200) }
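Review bot: The new `when login_uri CLI option set` context passes `--login_uri` with an underscore, while password_attack.rb declares the option as `--login-uri`, so the documented spelling is not what this example exercises. Unless the option parser is known to treat both forms alike, use `let(:cli_args) { "#{super()} --login-uri other-login.php" }`. The context also covers only a relative file name; a second context with an absolute URL on another host would pin whether `login_url` accepts or rejects a value outside the target. The `#login_url` describe block continues outside the hunk.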