Class: WPScan::Model::XMLRPC
- Inherits:
-
InterestingFinding
- Object
- InterestingFinding
- WPScan::Model::XMLRPC
- Includes:
- References
- Defined in:
- app/models/xml_rpc.rb
Overview
XML-RPC interface.
Constant Summary
Constants included from Finders::Finding
Finders::Finding::FINDING_OPTS
Instance Attribute Summary
Attributes inherited from InterestingFinding
Instance Method Summary collapse
- #available_methods ⇒ Array<String>
- #browser ⇒ Browser
-
#enabled? ⇒ Boolean
Whether or not the XMLRPC is enabled.
- #method_call(method_name, method_params = [], request_params = {}) ⇒ Typhoeus::Request
-
#multi_call(methods_and_params = [], request_params = {}) ⇒ Typhoeus::Request
Example of methods_and_params: [ [method1, param1, param2], [method2, param1], [method3] ].
- #references ⇒ Hash
- #to_s ⇒ String
Methods included from References
#cve_url, #cve_urls, #cves, #exploitdb_ids, #exploitdb_url, #exploitdb_urls, #msf_modules, #msf_url, #msf_urls, #packetstorm_ids, #packetstorm_url, #packetstorm_urls, #references=, #references_urls, #securityfocus_ids, #securityfocus_url, #securityfocus_urls, #urls, #wpvulndb_ids, #wpvulndb_url, #wpvulndb_urls, #youtube_url, #youtube_urls
Methods inherited from InterestingFinding
#==, #entries, #initialize, #type
Methods included from Finders::Finding
#<=>, #confidence, #confidence=, #confirmed_by, #eql?, included, #interesting_entries, #parse_finding_options
Constructor Details
This class inherits a constructor from WPScan::Model::InterestingFinding
Instance Method Details
#available_methods ⇒ Array<String>
20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'app/models/xml_rpc.rb', line 20 def available_methods return @available_methods if @available_methods @available_methods = [] res = method_call('system.listMethods').run doc = Nokogiri::XML.parse(res.body) doc.search('methodResponse params param value array data value string').each do |s| @available_methods << s.text end @available_methods end |
#browser ⇒ Browser
15 16 17 |
# File 'app/models/xml_rpc.rb', line 15 def browser @browser ||= WPScan::Browser.instance end |
#enabled? ⇒ Boolean
Returns Whether or not the XMLRPC is enabled.
36 37 38 |
# File 'app/models/xml_rpc.rb', line 36 def enabled? !available_methods.empty? end |
#method_call(method_name, method_params = [], request_params = {}) ⇒ Typhoeus::Request
45 46 47 48 49 50 51 52 53 |
# File 'app/models/xml_rpc.rb', line 45 def method_call(method_name, method_params = [], request_params = {}) browser.forge_request( url, request_params.merge( method: :post, body: ::XMLRPC::Create.new.methodCall(method_name, *method_params) ) ) end |
#multi_call(methods_and_params = [], request_params = {}) ⇒ Typhoeus::Request
Example of methods_and_params: [
[method1, param1, param2],
[method2, param1],
[method3]
]
66 67 68 69 70 71 72 73 74 75 76 77 |
# File 'app/models/xml_rpc.rb', line 66 def multi_call(methods_and_params = [], request_params = {}) browser.forge_request( url, request_params.merge( method: :post, body: ::XMLRPC::Create.new.methodCall( 'system.multicall', methods_and_params.collect { |m| { methodName: m[0], params: m[1..] } } ) ) ) end |
#references ⇒ Hash
80 81 82 83 84 85 86 87 88 89 90 |
# File 'app/models/xml_rpc.rb', line 80 def references @references ||= { url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'], metasploit: [ 'auxiliary/scanner/http/wordpress_ghost_scanner', 'auxiliary/dos/http/wordpress_xmlrpc_dos', 'auxiliary/scanner/http/wordpress_xmlrpc_login', 'auxiliary/scanner/http/wordpress_pingback_access' ] } end |
#to_s ⇒ String
10 11 12 |
# File 'app/models/xml_rpc.rb', line 10 def to_s @to_s ||= "XML-RPC seems to be enabled: #{url}" end |