diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
index 033cb54f..92b3aaf6 100644
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -72,9 +72,21 @@ module WPScan
 )
 end
+ # The login page is checked for a potential redirection (from http to https)
+ # the first time the method is called, and the effective_url is then used
+ # if suitable, otherwise the default wp-login will be.
+ #
 # @return [ String ] The URL to the login page
 def login_url
- url('wp-login.php')
+ return @login_url if @login_url
+
+ @login_url = url('wp-login.php')
+
+ res = Browser.get_and_follow_location(@login_url)
+
+ @login_url = res.effective_url if in_scope?(res.effective_url)
+
+ @login_url
 end
 end
 end
diff --git a/spec/shared_examples/target/platform/wordpress.rb b/spec/shared_examples/target/platform/wordpress.rb
index 609e2285..1d11d0f8 100644
--- a/spec/shared_examples/target/platform/wordpress.rb
+++ b/spec/shared_examples/target/platform/wordpress.rb
@@ -81,4 +81,33 @@ shared_examples WPScan::Target::Platform::WordPress do
 its(:wordpress_hosted?) { should be false }
 end
 end
+
+ describe '#login_url' do
+ before { allow(target).to receive(:sub_dir) }
+
+ context 'when returning a 200' do
+ before { stub_request(:get, target.url('wp-login.php')).to_return(status: 200) }
+
+ its(:login_url) { should eql target.url('wp-login.php') }
+ end
+
+ context 'when a redirection occured' do
+ before do
+ expect(WPScan::Browser).to receive(:get_and_follow_location)
+ .and_return(Typhoeus::Response.new(effective_url: effective_url, body: ''))
+ end
+
+ context 'to an in scope URL' do
+ let(:effective_url) { target.url('wp-login.php').gsub('http', 'https') }
+
+ its(:login_url) { should eql effective_url }
+ end
+
+ context 'to an out of scope URL' do
+ let(:effective_url) { 'http://something.else' }
+
+ its(:login_url) { should eql target.url('wp-login.php') }
+ end
+ end
+ end
 end
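Review bot: In `login_url` (lib/wpscan/target/platform/wordpress.rb) the new assignment accepts any in-scope `effective_url`, not only the http-to-https move the comment describes, so a redirect from wp-login.php to another in-scope page, or an https-to-http downgrade, would be cached as the login URL for the rest of the run. Later requests to this URL presumably carry credentials, so the guard should also confirm the target is still the login page and that the scheme was not downgraded, for example `@login_url = res.effective_url if in_scope?(res.effective_url) && res.effective_url.include?('wp-login.php')`. The method now issues a request on its first call and does not handle a failed one; what `effective_url` holds in that case is not visible here, so a nil check before `in_scope?` seems prudent. The comment should also state that the result is memoized in `@login_url`.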
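Review bot: The `#login_url` examples in spec/shared_examples/target/platform/wordpress.rb never call the method twice, so the memoization this commit adds is not pinned; an example that calls `target.login_url` twice under `expect(WPScan::Browser).to receive(:get_and_follow_location).once` would cover it. There is also no case for a redirect that stays in scope but lands on a page other than wp-login.php. In the redirection context, `expect(...).to receive` inside `before` is acting as a stub, and `allow` would state that intent more plainly. The enclosing `shared_examples` block starts outside the hunk.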