diff --git a/lib/wpscan/web_site.rb b/lib/wpscan/web_site.rb index 75780717..3dc45f98 100644 --- a/lib/wpscan/web_site.rb +++ b/lib/wpscan/web_site.rb @@ -46,21 +46,33 @@ class WebSite !xml_rpc_url.nil? end + # See http://www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3 def xml_rpc_url unless @xmlrpc_url - headers = Browser.instance.get(@uri.to_s).headers_hash - @xmlrpc_url = nil - - unless headers.nil? - pingback_url = headers['X-Pingback'] - unless pingback_url.nil? || pingback_url.empty? - @xmlrpc_url = pingback_url - end - end + @xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body() end @xmlrpc_url end + def xml_rpc_url_from_headers + headers = Browser.instance.get(@uri.to_s).headers_hash + xmlrpc_url = nil + + unless headers.nil? + pingback_url = headers['X-Pingback'] + unless pingback_url.nil? || pingback_url.empty? + xmlrpc_url = pingback_url + end + end + xmlrpc_url + end + + def xml_rpc_url_from_body + body = Browser.instance.get(@uri.to_s).body + + body[%r{}, 1] + end + # See if the remote url returns 30x redirect # This method is recursive # Return a string with the redirection or nil diff --git a/spec/lib/wpscan/web_site_spec.rb b/spec/lib/wpscan/web_site_spec.rb index d3a31e0a..627044f7 100644 --- a/spec/lib/wpscan/web_site_spec.rb +++ b/spec/lib/wpscan/web_site_spec.rb @@ -78,7 +78,7 @@ describe 'WebSite' do end end - describe '#xml_rpc_url' do + describe '#xml_rpc_url_from_headers' do context 'when the x-pingback is' do context 'correctly supplied' do @@ -87,14 +87,14 @@ describe 'WebSite' do stub_request(:get, web_site.url). to_return(status: 200, headers: { 'X-Pingback' => xmlrpc }) - web_site.xml_rpc_url.should === xmlrpc + web_site.xml_rpc_url_from_headers.should === xmlrpc end end context 'not supplied' do it 'returns nil' do stub_request(:get, web_site.url).to_return(status: 200) - web_site.xml_rpc_url.should be_nil + web_site.xml_rpc_url_from_headers.should be_nil end context 'but there is another header field' do 
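Review bot: `xml_rpc_url_from_headers` and `xml_rpc_url_from_body` each issue their own `Browser.instance.get(@uri.to_s)`, so the fallback in `xml_rpc_url` now sends the same request to the site twice, and because a nil result is never memoised (`unless @xmlrpc_url`) it does so on every call. Fetching once in `xml_rpc_url` and handing the response parts down, with the current fetch kept as each helper's default argument so the no-argument calls in the spec still work, removes the duplicate request; a sketch follows. On style, the empty parentheses in `xml_rpc_url_from_headers() || xml_rpc_url_from_body()` are unidiomatic Ruby and should be dropped, and the nested `unless` in the header helper reads more simply as a guard clause. Both values are whatever the scanned site chose to send back; if another part of the class goes on to request that URL, a `URI.parse` check that it is an absolute `URI::HTTP` before memoising would be a cheap guard against a malformed or off-host value. The regexp in `xml_rpc_url_from_body` is not legible in this rendering, so I have not reviewed it.
```ruby
def xml_rpc_url
  unless @xmlrpc_url
    response = Browser.instance.get(@uri.to_s)
    @xmlrpc_url = xml_rpc_url_from_headers(response.headers_hash) ||
                  xml_rpc_url_from_body(response.body)
  end
  @xmlrpc_url
end

# The default arguments keep the existing no-argument call sites (and the spec) working.
def xml_rpc_url_from_headers(headers = Browser.instance.get(@uri.to_s).headers_hash)
  return nil if headers.nil?

  pingback_url = headers['X-Pingback']
  pingback_url unless pingback_url.nil? || pingback_url.empty?
end

def xml_rpc_url_from_body(body = Browser.instance.get(@uri.to_s).body)
  # … unchanged: body[%r{...}, 1] lookup with the hunk's pattern …
end
```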
@@ -102,7 +102,7 @@ describe 'WebSite' do stub_request(:get, web_site.url). to_return(status:200, headers: { 'another-field' => 'which we do not care' }) - web_site.xml_rpc_url.should be_nil + web_site.xml_rpc_url_from_headers.should be_nil end end end @@ -112,13 +112,67 @@ describe 'WebSite' do stub_request(:get, web_site.url). to_return(status: 200, headers: { 'X-Pingback' => '' }) - web_site.xml_rpc_url.should be_nil + web_site.xml_rpc_url_from_headers.should be_nil end end end end + describe '#xml_rpc_url_from_body' do + context 'when the pattern does not match' do + it 'returns nil' do + stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_dont_match.html') + + web_site.xml_rpc_url_from_body.should be_nil + end + end + + context 'when the pattern match' do + it 'return the url' do + stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/xml_rpc_url/body_match.html') + + web_site.xml_rpc_url_from_body.should == 'http://lamp/wordpress-3.5.1/xmlrpc.php' + end + end + end + + describe '#xml_rpc_url' do + after :each do + web_site.xml_rpc_url.should === xmlrpc_url + end + + context 'when found in the headers' do + let(:xmlrpc_url) { 'http://from-headers.localhost/xmlrpc.php' } + + it 'returns the url' do + web_site.stub(xml_rpc_url_from_headers: xmlrpc_url) + end + end + + context 'when found in the body' do + let(:xmlrpc_url) { 'http://from-body.localhost/xmlrpc.php' } + + it 'returns the url' do + web_site.stub( + xml_rpc_url_from_headers: nil, + xml_rpc_url_from_body: xmlrpc_url + ) + end + end + + context 'when not found' do + let(:xmlrpc_url) { nil } + + it 'returns nil' do + web_site.stub( + xml_rpc_url_from_headers: nil, + xml_rpc_url_from_body: nil + ) + end + end + end + describe '#has_xml_rpc?' do it 'should return true' do stub_request(:get, web_site.url). 
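Review bot: In the new `describe '#xml_rpc_url'` block the only assertion lives in `after :each`, so every `it` body is just stub setup and a mismatch surfaces as a hook error rather than a failure attributed to the example; moving `web_site.xml_rpc_url.should === xmlrpc_url` into each example keeps the failure readable. `should ===` is also an odd spelling for a string/nil comparison — `should == xmlrpc_url`, which the `#xml_rpc_url_from_body` example already uses, says what is meant. The example names `'when the pattern match'` and `'return the url'` should read `'when the pattern matches'` and `'returns the url'`. These all sit inside the `@@ -112,13 +112,67` hunk, where the new describe block opens and closes.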
diff --git a/spec/samples/wpscan/web_site/xml_rpc_url/body_dont_match.html b/spec/samples/wpscan/web_site/xml_rpc_url/body_dont_match.html
new file mode 100644
index 00000000..b769e246
--- /dev/null
+++ b/spec/samples/wpscan/web_site/xml_rpc_url/body_dont_match.html
@@ -0,0 +1,13 @@
+
+
+
+
+Wordpress 3.5.1
+
+
+
+
+
+
+
+
diff --git a/spec/samples/wpscan/web_site/xml_rpc_url/body_match.html b/spec/samples/wpscan/web_site/xml_rpc_url/body_match.html
new file mode 100644
index 00000000..01ea1336
--- /dev/null
+++ b/spec/samples/wpscan/web_site/xml_rpc_url/body_match.html
@@ -0,0 +1,14 @@
+
+
+
+
+Wordpress 3.5.1
+
+
+
+
+
+
+
+
+