From e480107bd5d33decf33f4b127e895838b5304f14 Mon Sep 17 00:00:00 2001
From: William Vu <William_Vu@rapid7.com>
Date: Wed, 8 Feb 2017 03:51:12 -0600
Subject: [PATCH] Add PostCount (default 100) to list more posts

---
 .../scanner/http/wordpress_content_injection.rb       | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/modules/auxiliary/scanner/http/wordpress_content_injection.rb b/modules/auxiliary/scanner/http/wordpress_content_injection.rb
index 94273de93a..50c7df3a20 100644
--- a/modules/auxiliary/scanner/http/wordpress_content_injection.rb
+++ b/modules/auxiliary/scanner/http/wordpress_content_injection.rb
@@ -41,6 +41,10 @@ class MetasploitModule < Msf::Auxiliary
       OptString.new('POST_CONTENT',  [false, 'Post content']),
       OptString.new('POST_PASSWORD', [false, 'Post password (\'\' for none)'])
     ])
+
+    register_advanced_options([
+      OptInt.new('PostCount', [false, 'Number of posts to list', 100])
+    ])
   end
 
   def check_host(_ip)
@@ -130,8 +134,11 @@ class MetasploitModule < Msf::Auxiliary
     posts = []
 
     res = send_request_cgi({
-      'method' => 'GET',
-      'uri'    => normalize_uri(get_rest_api, 'posts')
+      'method'     => 'GET',
+      'uri'        => normalize_uri(get_rest_api, 'posts'),
+      'vars_get'   => {
+        'per_page' => datastore['PostCount']
+      }
     }, 3.5)
 
     if res && res.code == 200