Implemented feedback from @jhart-r7
parent
baff003ecc
commit
a6479a77d6
|
@ -1,4 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
# -*- coding: binary -*-
|
||||
|
||||
# This module provides a way of interacting with wordpress installations
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
# -*- coding: binary -*-
|
||||
|
||||
module Msf::HTTP::Wordpress::Base
|
||||
|
@ -10,16 +9,15 @@ module Msf::HTTP::Wordpress::Base
|
|||
'method' => 'GET',
|
||||
'uri' => normalize_uri(target_uri.path)
|
||||
)
|
||||
return res if res &&
|
||||
res.code == 200 &&
|
||||
(
|
||||
res.body =~ /["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i ||
|
||||
res.body =~ /<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i ||
|
||||
res.body =~ /<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
|
||||
)
|
||||
wordpress_detect_regexes = [
|
||||
/["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i,
|
||||
/<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i,
|
||||
/<link rel=["']pingback["'].*href=["'].*\/xmlrpc\.php["'](?: \/)*>/i
|
||||
]
|
||||
return res if res && res.code == 200 && res.body && wordpress_detect_regexes.any? { |r| res.body =~ r }
|
||||
return nil
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
|
||||
print_error("#{peer} - Error connecting to #{target_uri}")
|
||||
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout => e
|
||||
print_error("#{peer} - Error connecting to #{target_uri}: #{e}")
|
||||
return nil
|
||||
end
|
||||
end
|
||||
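Review bot: The wlwmanifest entry in `wordpress_detect_regexes` still requires a literal ` />` at the end of the tag, while the pingback entry next to it accepts the tag with or without the ` /` through `(?: \/)*`. A page that closes the wlwmanifest link with a plain `>` will not match that entry, so the result then rests on the other two patterns and a miss makes the method return nil. Ending the second pattern the same way, `\/wp-includes\/wlwmanifest\.xml["'](?: \/)*>/i`, would keep the two link checks consistent. The enclosing method starts above this hunk.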
|
|
|
@ -49,7 +49,7 @@ module Msf::HTTP::Wordpress::Helpers
|
|||
options.merge!({'vars_post' => vars_post})
|
||||
options.merge!({'cookie' => login_cookie}) if login_cookie
|
||||
res = send_request_cgi(options)
|
||||
if res and (res.code == 301 or res.code == 302) and res.headers['Location']
|
||||
if res and res.redirect? and res.redirection
|
||||
return wordpress_helper_parse_location_header(res)
|
||||
else
|
||||
message = "#{peer} - Post comment failed."
|
||||
|
@ -101,7 +101,7 @@ module Msf::HTTP::Wordpress::Helpers
|
|||
else
|
||||
return res.body
|
||||
end
|
||||
elsif res and (res.code == 301 or res.code == 302) and res.headers['Location']
|
||||
elsif res && res.redirect? && res.redirection
|
||||
path = wordpress_helper_parse_location_header(res)
|
||||
return wordpress_helper_check_post_id(path, comments_enabled, login_cookie)
|
||||
end
|
||||
|
@ -113,9 +113,9 @@ module Msf::HTTP::Wordpress::Helpers
|
|||
# @param res [Rex::Proto::Http::Response] The HTTP response
|
||||
# @return [String,nil] the path and query, nil on error
|
||||
def wordpress_helper_parse_location_header(res)
|
||||
return nil unless res and (res.code == 301 or res.code == 302) and res.headers['Location']
|
||||
return nil unless res && res.redirect? && res.redirection
|
||||
|
||||
location = res.headers['Location']
|
||||
location = res.redirection
|
||||
path_from_uri(location)
|
||||
end
|
||||
|
||||
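Review bot: The rewritten condition in the first hunk, `if res and res.redirect? and res.redirection`, keeps the low-precedence `and`, while the other two conditions changed in this file use `&&`. Writing it as `if res && res.redirect? && res.redirection` makes the three guards read the same and avoids the precedence surprises of `and`/`or`. The same leftover is in the Users hunk (`if res and res.redirect?`). The methods around the first two hunks start and end outside them.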
|
|
|
@ -1,4 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
# -*- coding: binary -*-
|
||||
|
||||
module Msf::HTTP::Wordpress::Login
|
||||
|
@ -15,7 +14,7 @@ module Msf::HTTP::Wordpress::Login
|
|||
'vars_post' => wordpress_helper_login_post_data(user, pass, redirect)
|
||||
)
|
||||
|
||||
if res && (res.code == 301 || res.code == 302) && res.headers['Location'] == redirect
|
||||
if res && res.redirect? && res.redirection == redirect
|
||||
cookies = res.get_cookies
|
||||
# Check if a valid wordpress cookie is returned
|
||||
return cookies if
|
||||
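Review bot: `res.redirection == redirect` may never be true if `redirection` returns a parsed URI object rather than the raw header string; the old code compared `res.headers['Location']`, a String, with `redirect`. The definition of `redirection` is not shown on this page, so this needs confirming. If it does return a URI, a successful login would be reported as a failure and no cookies returned. Comparing the string form keeps the old semantics: `if res && res.redirect? && res.redirection && res.redirection.to_s == redirect`. The enclosing method starts above the hunk and continues below it.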
|
|
|
@ -112,7 +112,7 @@ module Msf::HTTP::Wordpress::Posts
|
|||
count = max_redirects
|
||||
|
||||
# Follow redirects
|
||||
while (res.code == 301 || res.code == 302) and res.headers['Location'] and count != 0
|
||||
while res.redirect? && res.redirection && count != 0
|
||||
path = wordpress_helper_parse_location_header(res)
|
||||
return nil unless path
|
||||
|
||||
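Review bot: The loop condition `while res.redirect? && res.redirection && count != 0` calls `redirect?` on `res` without a nil check, unlike the other redirect guards changed in this commit. If the request before the loop, or one issued inside it, returns nil (for example on a timeout), this raises NoMethodError instead of returning nil. The loop body lies outside the hunk, so whether `res` is guarded elsewhere cannot be seen from here. If it is not, `while res && res.redirect? && res.redirection && count != 0` covers it.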
|
|
|
@ -33,7 +33,7 @@ module Msf::HTTP::Wordpress::Users
|
|||
'uri' => url
|
||||
})
|
||||
|
||||
if res and res.code == 301
|
||||
if res and res.redirect?
|
||||
uri = wordpress_helper_parse_location_header(res)
|
||||
return nil unless uri
|
||||
# try to extract username from location
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
# -*- coding: binary -*-
|
||||
|
||||
module Msf::HTTP::Wordpress::Version
|
||||
|
@ -88,7 +87,7 @@ module Msf::HTTP::Wordpress::Version
|
|||
when :theme
|
||||
folder = 'themes'
|
||||
else
|
||||
fail("Unknown type #{type}")
|
||||
fail("Unknown readme type #{type}")
|
||||
end
|
||||
|
||||
readme_url = normalize_uri(target_uri.path, wp_content_dir, folder, name, 'readme.txt')
|
||||
|
@ -121,7 +120,6 @@ module Msf::HTTP::Wordpress::Version
|
|||
# Not in range, nut vulnerable
|
||||
return Msf::Exploit::CheckCode::Safe
|
||||
end
|
||||
return
|
||||
# version newer than fixed version
|
||||
else
|
||||
return Msf::Exploit::CheckCode::Safe
|
||||
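Review bot: `fail("Unknown readme type #{type}")` raises a generic RuntimeError for what is a caller mistake (an unsupported `type` symbol). `raise ArgumentError, "Unknown readme type #{type}"` would name the cause, provided no caller rescues RuntimeError specifically, which is not visible here. In the second hunk the context comment `# Not in range, nut vulnerable` should read `# Not in range, not vulnerable`. Both enclosing methods start and end outside the hunks.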
|
|
|
@ -1,5 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
|
||||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
|
@ -72,8 +70,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
)
|
||||
|
||||
# forward to profile.php or other page?
|
||||
if res && res.code.to_s =~ /30[0-9]/ && res.headers['Location']
|
||||
location = res.headers['Location']
|
||||
if res && res.redirect? && res.redirection
|
||||
location = res.redirection
|
||||
print_status("#{peer} - Following redirect to #{location}")
|
||||
res = send_request_cgi(
|
||||
'uri' => location,
|
||||
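Review bot: `location = res.redirection` is passed straight into `'uri' => location` for the follow-up request, so the request path is whatever the server put in the Location header. That may be an absolute URL or a parsed URI object rather than a path string. The library hunks in this commit route the same value through `wordpress_helper_parse_location_header(res)`, which is documented as returning the path and query, or nil on error. If this module includes the WordPress mixin (not visible in the hunk), `location = wordpress_helper_parse_location_header(res)` with a skip when it is nil would keep the module consistent with them. The `send_request_cgi` call continues below the hunk.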
|
|
|
@ -1,5 +1,3 @@
|
|||
# encoding: UTF-8
|
||||
|
||||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
|
|