Uses an enumerator to read wordlist during pwd attack. Fixes #1518

2020-07-16 14:39:09 +02:00
parent ff574b046c
commit f65532e347
5 changed files with 7 additions and 17 deletions
--- a/spec/app/finders/passwords/xml_rpc_spec.rb
+++ b/spec/app/finders/passwords/xml_rpc_spec.rb
@@ -24,11 +24,13 @@ describe WPScan::Finders::Passwords::XMLRPC do
    </methodResponse>'

  describe '#attack' do
+    let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s }
+
    context 'when no valid credentials' do
      before do
        stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY)

-        finder.attack(users, %w[pwd])
+        finder.attack(users, wordlist_path)
      end

      let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } }