garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not cache login requests - Fixes #1395

Browse Source
This commit is contained in:
erwanlr
2019-09-16 10:37:43 +01:00
parent b77e611a90
commit ab950d6ffc
3 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/finders/passwords/xml_rpc.rb
View File

@@ -8,7 +8,7 @@ module WPScan
include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
def login_request(username, password) def login_request(username, password)
target.method_call('wp.getUsersBlogs', [username, password]) target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
end end
def valid_credentials?(response) def valid_credentials?(response)

2
app/finders/passwords/xml_rpc_multicall.rb
View File

@@ -19,7 +19,7 @@ module WPScan
end end
end end
target.multi_call(methods).run target.multi_call(methods, cache_ttl: 0).run
end end
# @param [ Array<Model::User> ] users # @param [ Array<Model::User> ] users

1
lib/wpscan/target/platform/wordpress.rb
View File

@@ -109,6 +109,7 @@ module WPScan
Browser.instance.forge_request( Browser.instance.forge_request(
login_url, login_url,
method: :post, method: :post,
cache_ttl: 0,
body: { log: username, pwd: password } body: { log: username, pwd: password }
) )
end end