Module: WpTarget::WpRegistrable
- Included in:
- WpTarget
- Defined in:
- lib/wpscan/wp_target/wp_registrable.rb
Instance Method Summary (collapse)
- - (Boolean) multisite?
-
- (Boolean) registration_enabled?
Should check wp-login.php if registration is enabled or not.
-
- (String) registration_url
The registration URL.
Instance Method Details
- (Boolean) multisite?
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 33 def multisite? unless @multisite # when multi site, there is no redirection or a redirect to the site itself # otherwise redirect to wp-login.php resp = Browser.get(@uri.merge('wp-signup.php').to_s) if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/ @multisite = false elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/ @multisite = true elsif resp.code == 200 @multisite = true else @multisite = false end end @multisite end |
- (Boolean) registration_enabled?
Should check wp-login.php if registration is enabled or not
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 9 def registration_enabled? resp = Browser.get(registration_url) # redirect only on non multi sites if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i enabled = false # multi site registration form elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/i enabled = true # normal registration form elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/i enabled = true # registration disabled else enabled = false end enabled end |
- (String) registration_url
The registration URL
28 29 30 |
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 28 def registration_url multisite? ? @uri.merge('wp-signup.php').to_s : @uri.merge('wp-login.php?action=register').to_s end |