Adds a line about GHOST when XMLRPC is enabled, Fixes #763

2015-01-30 12:02:59 +01:00
parent b2d1c25b8e
commit bfe370fa50
1 changed files with 1 additions and 0 deletions
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -188,6 +188,7 @@ def main

    if wp_target.has_xml_rpc?
      puts "#{info('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}"
+      puts "#{warning('[!]')} This may allow the GHOST vulnerability to be exploited, please see http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html for a PoC"
    end

    if wp_target.upload_directory_listing_enabled?