@return [ Boolean ]
# File lib/wpscan/wp_target/wp_registrable.rb, line 32 def multisite? unless @multisite # when multi site, there is no redirection or a redirect to the site itself # otherwise redirect to wp-login.php resp = Browser.get(@uri.merge('wp-signup.php').to_s) if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/ @multisite = false elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/ @multisite = true elsif resp.code == 200 @multisite = true else @multisite = false end end @multisite end
Should check wp-login.php if registration is enabled or not
@return [ Boolean ]
# File lib/wpscan/wp_target/wp_registrable.rb, line 8 def registration_enabled? resp = Browser.get(registration_url) # redirect only on non multi sites if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/ enabled = false # multi site registration form elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/ enabled = true # normal registration form elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/ enabled = true # registration disabled else enabled = false end enabled end
@return [ String ] The registration URL
# File lib/wpscan/wp_target/wp_registrable.rb, line 27 def registration_url multisite? ? @uri.merge('wp-signup.php').to_s : @uri.merge('wp-login.php?action=register').to_s end