garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1330

Browse Source
This commit is contained in:
erwanlr
2019-04-07 17:06:19 +01:00
parent c8eb81161e
commit 8145a4a3a6
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/finders/users/author_id_brute_forcing.rb
View File

@@ -7,6 +7,11 @@ module WPScan
class AuthorIdBruteForcing < CMSScanner::Finders::Finder class AuthorIdBruteForcing < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator include CMSScanner::Finders::Finder::Enumerator
# @return [ Array<Integer> ]
def valid_response_codes
@valid_response_codes ||= [200, 301, 302]
end
# @param [ Hash ] opts # @param [ Hash ] opts
# @option opts [ Range ] :range Mandatory # @option opts [ Range ] :range Mandatory
# #
@@ -15,7 +20,7 @@ module WPScan
found = [] found = []
found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)' found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'
enumerate(target_urls(opts), opts) do |res, id| enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
username, found_by, confidence = potential_username(res) username, found_by, confidence = potential_username(res)
next unless username next unless username
@@ -49,7 +54,7 @@ module WPScan
super(opts.merge(title: ' Brute Forcing Author IDs -')) super(opts.merge(title: ' Brute Forcing Author IDs -'))
end end
def request_params def full_request_params
{ followlocation: true } { followlocation: true }
end end