From 6df55c9733268ccd387686ba347aa315a05e4f1a Mon Sep 17 00:00:00 2001
From: William Vu
Date: Wed, 8 Feb 2017 04:31:06 -0600
Subject: [PATCH] Gotta catch 'em (post statuses) all
---
 .../http/wordpress_content_injection.rb | 43 ++++++++++++-------
 1 file changed, 27 insertions(+), 16 deletions(-)
diff --git a/modules/auxiliary/scanner/http/wordpress_content_injection.rb b/modules/auxiliary/scanner/http/wordpress_content_injection.rb
index c94adde350..375ba05e22 100644
--- a/modules/auxiliary/scanner/http/wordpress_content_injection.rb
+++ b/modules/auxiliary/scanner/http/wordpress_content_injection.rb
@@ -83,14 +83,21 @@ class MetasploitModule < Msf::Auxiliary
 tbl = Rex::Text::Table.new(
 'Header' => full_uri,
- 'Columns' => ['ID', 'Title', 'URL', 'Password']
+ 'Columns' => %w{ID Title URL Status Password}
 )
 posts_to_list.each do |post|
+ if post[:status] == 'publish'
+ status = 'Published'
+ else
+ status = post[:status].capitalize
+ end
+
 tbl << [
 post[:id],
 Rex::Text.html_decode(post[:title]),
 post[:url],
+ status,
 post[:password] ? 'Yes' : 'No'
 ]
 end
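Review bot: `post[:status].capitalize` in the new `else` branch raises NoMethodError if a post hash ever arrives without a `:status` key. `list_posts` in this patch always sets the key, but whatever builds `posts_to_list` sits outside this hunk, so the table code should not depend on that; `status = post[:status].to_s.capitalize` keeps the row printable. The five-line `if`/`else` could also collapse to one assignment, `status = post[:status] == 'publish' ? 'Published' : post[:status].to_s.capitalize`. The enclosing method begins and ends outside the hunk.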
@@ -135,22 +142,26 @@ class MetasploitModule < Msf::Auxiliary
 def list_posts
 posts = []
- res = send_request_cgi({
- 'method' => 'GET',
- 'uri' => normalize_uri(get_rest_api, 'posts'),
- 'vars_get' => {
- 'per_page' => datastore['PostCount']
- }
- }, 3.5)
-
- if res && res.code == 200
- res.get_json_document.each do |post|
- posts << {
- id: post['id'],
- title: post['title']['rendered'],
- url: post['link'],
- password: post['content']['protected']
+ %w{publish future draft pending private}.each do |status|
+ res = send_request_cgi({
+ 'method' => 'GET',
+ 'uri' => normalize_uri(get_rest_api, 'posts'),
+ 'vars_get' => {
+ 'status' => status,
+ 'per_page' => datastore['PostCount']
 }
+ }, 3.5)
+
+ if res && res.code == 200
+ res.get_json_document.each do |post|
+ posts << {
+ id: post['id'],
+ title: post['title']['rendered'],
+ url: post['link'],
+ status: status,
+ password: post['content']['protected']
+ }
+ end
 end
 end
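Review bot: The `status:` value stored for each post is the query parameter that was sent, not anything read from the response, so the label is only correct if the server honours the `status` filter. A server that ignores the parameter and answers 200 would return the same posts for all five requests, and `posts` would then hold each of them five times under different labels. If the REST response carries its own `status` field (WordPress post objects normally do), prefer `status: post['status'] || status,` and skip ids already collected. A short comment saying that non-200 answers for a status are skipped on purpose would also help; `list_posts` continues past the end of the hunk.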