From ab950d6ffc9df8e910c0ef64641a300925a8de22 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Mon, 16 Sep 2019 10:37:43 +0100
Subject: [PATCH] Do not cache login requests - Fixes #1395

---
 app/finders/passwords/xml_rpc.rb           | 2 +-
 app/finders/passwords/xml_rpc_multicall.rb | 2 +-
 lib/wpscan/target/platform/wordpress.rb    | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/finders/passwords/xml_rpc.rb b/app/finders/passwords/xml_rpc.rb
index 1e50317d..ae7134e0 100644
--- a/app/finders/passwords/xml_rpc.rb
+++ b/app/finders/passwords/xml_rpc.rb
@@ -8,7 +8,7 @@ module WPScan
         include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
 
         def login_request(username, password)
-          target.method_call('wp.getUsersBlogs', [username, password])
+          target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
         end
 
         def valid_credentials?(response)
diff --git a/app/finders/passwords/xml_rpc_multicall.rb b/app/finders/passwords/xml_rpc_multicall.rb
index e66b4fc6..77223ba2 100644
--- a/app/finders/passwords/xml_rpc_multicall.rb
+++ b/app/finders/passwords/xml_rpc_multicall.rb
@@ -19,7 +19,7 @@ module WPScan
             end
           end
 
-          target.multi_call(methods).run
+          target.multi_call(methods, cache_ttl: 0).run
         end
 
         # @param [ Array<Model::User> ] users
diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
index 23a93528..69e6d6a5 100644
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -109,6 +109,7 @@ module WPScan
           Browser.instance.forge_request(
             login_url,
             method: :post,
+            cache_ttl: 0,
             body: { log: username, pwd: password }
           )
         end