module WpTarget::WpRegistrable

Public Instance Methods

multisite?() click to toggle source

@return [ Boolean ]

# File lib/wpscan/wp_target/wp_registrable.rb, line 32
def multisite?
  unless @multisite
    # when multi site, there is no redirection or a redirect to the site itself
    # otherwise redirect to wp-login.php
    resp = Browser.get(@uri.merge('wp-signup.php').to_s)

    if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
      @multisite = false
    elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/
      @multisite = true
    elsif resp.code == 200
      @multisite = true
    else
      @multisite = false
    end
  end
  @multisite
end
registration_enabled?() click to toggle source

Should check wp-login.php if registration is enabled or not

@return [ Boolean ]

# File lib/wpscan/wp_target/wp_registrable.rb, line 8
def registration_enabled?
  resp = Browser.get(registration_url)
  # redirect only on non multi sites
  if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/
    enabled = false
  # multi site registration form
  elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/
    enabled = true
  # normal registration form
  elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/
    enabled = true
  # registration disabled
  else
    enabled = false
  end
  enabled
end
registration_url() click to toggle source

@return [ String ] The registration URL

# File lib/wpscan/wp_target/wp_registrable.rb, line 27
def registration_url
  multisite? ? @uri.merge('wp-signup.php').to_s : @uri.merge('wp-login.php?action=register').to_s
end