<!DOCTYPE html>
<html>
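<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::Wordpress::Posts
&mdash; Documentation by YARD 0.9.37
</title>
<!-- Stylesheets and scripts are loaded by relative path from the documentation root, so no third-party origin is involved. -->
<link rel="stylesheet" href="../../../../../css/style.css">
<link rel="stylesheet" href="../../../../../css/common.css">
<!-- Inline script that sets two page-level globals. Presumably js/app.js reads them; that file is not shown here.
     NOTE(review): because this script is inline, serving the page under a strict Content-Security-Policy needs a nonce or hash for it. -->
<script>
pathId = "Msf::Exploit::Remote::HTTP::Wordpress::Posts";
relpath = '../../../../../';
</script>
<script src="../../../../../js/jquery.js"></script>
<script src="../../../../../js/app.js"></script>
</head>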
<body>
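<div class="nav_wrap">
<!-- Navigation frame loaded by relative path from the same documentation tree. The title attribute gives the frame an accessible name. -->
<iframe id="nav" src="../../../../../class_list.html?1" title="Class list"></iframe>
<div id="resizer"></div>
</div>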
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Wordpress.html" title="Msf::Exploit::Remote::HTTP::Wordpress (module)">Wordpress</a></span></span>
&raquo;
<span class="title">Posts</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::Wordpress::Posts
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../Wordpress.html" title="Msf::Exploit::Remote::HTTP::Wordpress (module)">Msf::Exploit::Remote::HTTP::Wordpress</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/wordpress/posts.rb</dd>
</dl>
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#get_post_id_from_body-instance_method" title="#get_post_id_from_body (instance method)">#<strong>get_post_id_from_body</strong>(body) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Gets the post_id from a post body.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_bruteforce_valid_post_id-instance_method" title="#wordpress_bruteforce_valid_post_id (instance method)">#<strong>wordpress_bruteforce_valid_post_id</strong>(min_post_id, max_post_id, login_cookie = nil) &#x21d2; Integer<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Tries to bruteforce a valid post_id.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_bruteforce_valid_post_id_with_comments_enabled-instance_method" title="#wordpress_bruteforce_valid_post_id_with_comments_enabled (instance method)">#<strong>wordpress_bruteforce_valid_post_id_with_comments_enabled</strong>(min_post_id, max_post_id, login_cookie = nil) &#x21d2; Integer<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Tries to bruteforce a valid post_id with comments enabled.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_get_all_blog_posts_via_feed-instance_method" title="#wordpress_get_all_blog_posts_via_feed (instance method)">#<strong>wordpress_get_all_blog_posts_via_feed</strong>(max_redirects = 10) &#x21d2; Array&lt;String&gt;<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Tries to get some Blog Posts via the RSS feed.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_get_unauth_comment_cookies-instance_method" title="#wordpress_get_unauth_comment_cookies (instance method)">#<strong>wordpress_get_unauth_comment_cookies</strong>(author, email, url) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>WordPress shows moderated comments to the unauthenticated posting user. Users are identified by their cookie.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_post_comment_auth-instance_method" title="#wordpress_post_comment_auth (instance method)">#<strong>wordpress_post_comment_auth</strong>(comment, comment_post_id, login_cookie) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Posts a comment as an authenticated user.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_post_comment_no_auth-instance_method" title="#wordpress_post_comment_no_auth (instance method)">#<strong>wordpress_post_comment_no_auth</strong>(comment, comment_post_id, author, email, url) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Posts a comment as an unauthenticated user.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_post_comments_enabled%3F-instance_method" title="#wordpress_post_comments_enabled? (instance method)">#<strong>wordpress_post_comments_enabled?</strong>(url, login_cookie = nil) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks if the provided post has comments enabled.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#wordpress_post_id_comments_enabled%3F-instance_method" title="#wordpress_post_id_comments_enabled? (instance method)">#<strong>wordpress_post_id_comments_enabled?</strong>(post_id, login_cookie = nil) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks if the provided post has comments enabled.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
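<div class="method_details first">
<!-- Review: listing amended from the upstream file. Upstream called body.match(...)[1], which raises NoMethodError
     when the page carries no postid-N class on its body tag. String#[] with a capture index returns nil in that
     case, which is what the Returns tag below documents. The body is an HTTP response from the remote site and is
     untrusted; the pattern accepts digits only for the id. -->
<h3 class="signature first" id="get_post_id_from_body-instance_method">
#<strong>get_post_id_from_body</strong>(body) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Gets the post_id from a post body, taken from the <tt>postid-N</tt> class on the page's <tt>&lt;body&gt;</tt> tag</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>body</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The body of a post</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The post_id, nil when nothing found</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
92
93
94
95</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 92</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_post_id_from_body'>get_post_id_from_body</span><span class='lparen'>(</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_body'>body</span>
<span class='id identifier rubyid_body'>body</span><span class='lbracket'>[</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>&lt;body class=&quot;[^=]*postid-(\d+)[^=]*&quot;&gt;</span><span class='regexp_end'>/i</span></span><span class='comma'>,</span> <span class='int'>1</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>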
<div class="method_details ">
<!-- Thin wrapper. Returns nil when min_post_id is greater than max_post_id; otherwise builds the inclusive Range
     from min_post_id to max_post_id and passes it to wordpress_helper_bruteforce_valid_post_id with false as the
     second argument (presumably the comments-enabled filter; the helper is not shown on this page, confirm there).
     NOTE(review): the bounds are not validated here; a nil bound would raise at the comparison.
     For log review: assumes the helper requests each candidate id in turn, which would show up server-side as a run
     of sequential post-id lookups. TODO confirm against the helper. -->
<h3 class="signature " id="wordpress_bruteforce_valid_post_id-instance_method">
#<strong>wordpress_bruteforce_valid_post_id</strong>(min_post_id, max_post_id, login_cookie = nil) &#x21d2; <tt>Integer</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Tries to bruteforce a valid post_id</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>min_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The first post_id to bruteforce</p>
</div>
</li>
<li>
<span class='name'>max_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The last post_id to bruteforce</p>
</div>
</li>
<li>
<span class='name'>login_cookie</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>If set perform the bruteforce as an authenticated user</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The post id, nil when nothing found</p>
</div>
</li>
</ul>
</div><table class="source_code">
<!-- Gutter numbers 52 to 56 are line numbers in lib/msf/core/exploit/remote/http/wordpress/posts.rb, as named in the listing header. -->
<tr>
<td>
<pre class="lines">
52
53
54
55
56</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 52</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_bruteforce_valid_post_id'>wordpress_bruteforce_valid_post_id</span><span class='lparen'>(</span><span class='id identifier rubyid_min_post_id'>min_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_min_post_id'>min_post_id</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span>
<span class='id identifier rubyid_range'>range</span> <span class='op'>=</span> <span class='const'>Range</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_min_post_id'>min_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_bruteforce_valid_post_id'>wordpress_helper_bruteforce_valid_post_id</span><span class='lparen'>(</span><span class='id identifier rubyid_range'>range</span><span class='comma'>,</span> <span class='kw'>false</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!-- Thin wrapper. Returns nil when min_post_id is greater than max_post_id; otherwise builds the inclusive Range
     from min_post_id to max_post_id and passes it to wordpress_helper_bruteforce_valid_post_id with true as the
     second argument (presumably restricting results to posts with comments enabled; the helper is not shown on
     this page, confirm there).
     NOTE(review): the bounds are not validated here; a nil bound would raise at the comparison. -->
<h3 class="signature " id="wordpress_bruteforce_valid_post_id_with_comments_enabled-instance_method">
#<strong>wordpress_bruteforce_valid_post_id_with_comments_enabled</strong>(min_post_id, max_post_id, login_cookie = nil) &#x21d2; <tt>Integer</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Tries to bruteforce a valid post_id with comments enabled</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>min_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The first post_id to bruteforce</p>
</div>
</li>
<li>
<span class='name'>max_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The last post_id to bruteforce</p>
</div>
</li>
<li>
<span class='name'>login_cookie</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>If set perform the bruteforce as an authenticated user</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The post id, nil when nothing found</p>
</div>
</li>
</ul>
</div><table class="source_code">
<!-- Gutter numbers 64 to 68 are line numbers in lib/msf/core/exploit/remote/http/wordpress/posts.rb, as named in the listing header. -->
<tr>
<td>
<pre class="lines">
64
65
66
67
68</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 64</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_bruteforce_valid_post_id_with_comments_enabled'>wordpress_bruteforce_valid_post_id_with_comments_enabled</span><span class='lparen'>(</span><span class='id identifier rubyid_min_post_id'>min_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_min_post_id'>min_post_id</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span>
<span class='id identifier rubyid_range'>range</span> <span class='op'>=</span> <span class='const'>Range</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_min_post_id'>min_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_max_post_id'>max_post_id</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_bruteforce_valid_post_id'>wordpress_helper_bruteforce_valid_post_id</span><span class='lparen'>(</span><span class='id identifier rubyid_range'>range</span><span class='comma'>,</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
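<div class="method_details ">
<!-- Review: listing amended from the upstream file. The code checks res.nil? after the redirect loop, so a nil
     response is expected, but upstream dereferenced res in the loop condition and in the in-loop status check
     first; a missing response raised NoMethodError instead of reaching that check. The loop now tests res before
     use and the else branch became elsif res. Behaviour with a non-nil response is unchanged and the line count
     still matches the gutter.
     NOTE(review): the feed body and the redirect target come from the remote server and are untrusted. Links are
     extracted with a regex rather than an XML parser, and a negative max_redirects never reaches 0, so the
     redirect budget is only enforced for non-negative values. -->
<h3 class="signature " id="wordpress_get_all_blog_posts_via_feed-instance_method">
#<strong>wordpress_get_all_blog_posts_via_feed</strong>(max_redirects = 10) &#x21d2; <tt>Array&lt;String&gt;</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Tries to get some Blog Posts via the RSS feed</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>max_redirects</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>10</tt>)</em>
&mdash;
<div class='inline'>
<p>maximum redirects to follow</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array&lt;String&gt;</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>String Array with valid blog posts (empty when the feed is not answered with HTTP 200 or holds no links), nil on a connection error or when no redirect path can be parsed</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 101</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_get_all_blog_posts_via_feed'>wordpress_get_all_blog_posts_via_feed</span><span class='lparen'>(</span><span class='id identifier rubyid_max_redirects'>max_redirects</span> <span class='op'>=</span> <span class='int'>10</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Enumerating Blog posts...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_blog_posts'>blog_posts</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Locating wordpress feed...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wordpress_url_rss'>wordpress_url_rss</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_count'>count</span> <span class='op'>=</span> <span class='id identifier rubyid_max_redirects'>max_redirects</span>
<span class='comment'># Follow redirects
</span> <span class='kw'>while</span> <span class='id identifier rubyid_res'>res</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_redirect?'>redirect?</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_redirection'>redirection</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_count'>count</span> <span class='op'>!=</span> <span class='int'>0</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_wordpress_helper_parse_location_header'>wordpress_helper_parse_location_header</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_path'>path</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Web server returned a </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span><span class='embexpr_end'>}</span><span class='tstring_content'>...following to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_path'>path</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_path'>path</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Feed located at </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_path'>path</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Returned a </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_count'>count</span> <span class='op'>=</span> <span class='id identifier rubyid_count'>count</span> <span class='op'>-</span> <span class='int'>1</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>ConnectionRefused</span><span class='comma'>,</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>HostUnreachable</span><span class='comma'>,</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>ConnectionTimeout</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to connect</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>or</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>!=</span> <span class='int'>200</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Did not receive HTTP response for RSS feed</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_blog_posts'>blog_posts</span>
<span class='kw'>end</span>
<span class='comment'># parse out links and place in array
</span> <span class='id identifier rubyid_links'>links</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='period'>.</span><span class='id identifier rubyid_scan'>scan</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>&lt;link&gt;([^&lt;]+)&lt;\/link&gt;</span><span class='regexp_end'>/i</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_links'>links</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>or</span> <span class='id identifier rubyid_links'>links</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Feed did not have any links present</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_blog_posts'>blog_posts</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_links'>links</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_link'>link</span><span class='op'>|</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_path_from_uri'>path_from_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_link'>link</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_blog_posts'>blog_posts</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_path'>path</span> <span class='kw'>if</span> <span class='id identifier rubyid_path'>path</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_blog_posts'>blog_posts</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>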
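<div class="method_details ">
<!-- Review: listing amended from the upstream file. Upstream interpolated a bare rport straight after rhost, so a
     non-default port produced a malformed site URL (constructed example: http://host8080/blog) before hashing; the
     port is now prefixed with a colon. The cookie names and values are built only from the site URL and the
     caller-supplied author, email and url, so they identify a commenter but are not a credential.
     NOTE(review): the three values are interpolated without encoding; a value containing ';' or '=' would change
     the shape of the cookie string, so confirm callers sanitise them. The MD5 call presumably mirrors how WordPress
     derives the cookie-name suffix and is not a security control of this code; verify against WordPress. -->
<h3 class="signature " id="wordpress_get_unauth_comment_cookies-instance_method">
#<strong>wordpress_get_unauth_comment_cookies</strong>(author, email, url) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>WordPress shows moderated comments to the unauthenticated posting user. Users are identified by their cookie.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>author</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author name used to post the anonymous comment</p>
</div>
</li>
<li>
<span class='name'>email</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author email used to post the anonymous comment</p>
</div>
</li>
<li>
<span class='name'>url</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author url used to post the anonymous comment</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The cookie string that can be used to see moderated comments</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
33
34
35
36
37
38
39
40
41
42
43
44</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 33</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_get_unauth_comment_cookies'>wordpress_get_unauth_comment_cookies</span><span class='lparen'>(</span><span class='id identifier rubyid_author'>author</span><span class='comma'>,</span> <span class='id identifier rubyid_email'>email</span><span class='comma'>,</span> <span class='id identifier rubyid_url'>url</span><span class='rparen'>)</span>
<span class='id identifier rubyid_scheme'>scheme</span> <span class='op'>=</span> <span class='id identifier rubyid_ssl'>ssl</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>https</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_port'>port</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_rport'>rport</span> <span class='op'>==</span> <span class='int'>80</span> <span class='kw'>or</span> <span class='id identifier rubyid_rport'>rport</span> <span class='op'>==</span> <span class='int'>443</span><span class='rparen'>)</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>:</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rport'>rport</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='comment'># siteurl does not contain last slash
</span> <span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='id identifier rubyid_target_uri'>target_uri</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_sub'>sub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\/$</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_siteurl'>siteurl</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_scheme'>scheme</span><span class='embexpr_end'>}</span><span class='tstring_content'>://</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_rhost'>rhost</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_port'>port</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_path'>path</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_site_hash'>site_hash</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_md5'>md5</span><span class='lparen'>(</span><span class='id identifier rubyid_siteurl'>siteurl</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>comment_author_</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_site_hash'>site_hash</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_author'>author</span><span class='embexpr_end'>}</span><span class='tstring_content'>; </span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>comment_author_email_</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_site_hash'>site_hash</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_email'>email</span><span class='embexpr_end'>}</span><span class='tstring_content'>; </span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>comment_author_url_</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_site_hash'>site_hash</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_url'>url</span><span class='embexpr_end'>}</span><span class='tstring_content'>;</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_cookie'>cookie</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>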
<div class="method_details ">
<h3 class="signature " id="wordpress_post_comment_auth-instance_method">
#<strong>wordpress_post_comment_auth</strong>(comment, comment_post_id, login_cookie) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Posts a comment as an authenticated user</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>comment</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The comment</p>
</div>
</li>
<li>
<span class='name'>comment_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The Post ID to post the comment to</p>
</div>
</li>
<li>
<span class='name'>login_cookie</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>A valid login cookie for the user the comment is posted as</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The location of the new comment/post, nil on error</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
10
11
12</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 10</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_post_comment_auth'>wordpress_post_comment_auth</span><span class='lparen'>(</span><span class='id identifier rubyid_comment'>comment</span><span class='comma'>,</span> <span class='id identifier rubyid_comment_post_id'>comment_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_post_comment'>wordpress_helper_post_comment</span><span class='lparen'>(</span><span class='id identifier rubyid_comment'>comment</span><span class='comma'>,</span> <span class='id identifier rubyid_comment_post_id'>comment_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="wordpress_post_comment_no_auth-instance_method">
#<strong>wordpress_post_comment_no_auth</strong>(comment, comment_post_id, author, email, url) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Posts a comment as an unauthenticated user</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>comment</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The comment</p>
</div>
</li>
<li>
<span class='name'>comment_post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The Post ID to post the comment to</p>
</div>
</li>
<li>
<span class='name'>author</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author name</p>
</div>
</li>
<li>
<span class='name'>email</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author email</p>
</div>
</li>
<li>
<span class='name'>url</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The author url</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The location of the new comment/post, nil on error</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
22
23
24</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 22</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_post_comment_no_auth'>wordpress_post_comment_no_auth</span><span class='lparen'>(</span><span class='id identifier rubyid_comment'>comment</span><span class='comma'>,</span> <span class='id identifier rubyid_comment_post_id'>comment_post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_author'>author</span><span class='comma'>,</span> <span class='id identifier rubyid_email'>email</span><span class='comma'>,</span> <span class='id identifier rubyid_url'>url</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_post_comment'>wordpress_helper_post_comment</span><span class='lparen'>(</span><span class='id identifier rubyid_comment'>comment</span><span class='comma'>,</span> <span class='id identifier rubyid_comment_post_id'>comment_post_id</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_author'>author</span><span class='comma'>,</span> <span class='id identifier rubyid_email'>email</span><span class='comma'>,</span> <span class='id identifier rubyid_url'>url</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="wordpress_post_comments_enabled?-instance_method">
#<strong>wordpress_post_comments_enabled?</strong>(url, login_cookie = nil) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Checks if the post at the provided URL has comments enabled</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>url</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The post url</p>
</div>
</li>
<li>
<span class='name'>login_cookie</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>If set, the check is performed as an authenticated user</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP response body of the post if the check succeeds, nil otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
84
85
86</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 84</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_post_comments_enabled?'>wordpress_post_comments_enabled?</span><span class='lparen'>(</span><span class='id identifier rubyid_url'>url</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_check_post_id'>wordpress_helper_check_post_id</span><span class='lparen'>(</span><span class='id identifier rubyid_url'>url</span><span class='comma'>,</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="wordpress_post_id_comments_enabled?-instance_method">
#<strong>wordpress_post_id_comments_enabled?</strong>(post_id, login_cookie = nil) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Checks if the post with the provided ID has comments enabled</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>post_id</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The post ID to check</p>
</div>
</li>
<li>
<span class='name'>login_cookie</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>If set, the check is performed as an authenticated user</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP response body of the post if the check succeeds, nil otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
75
76
77</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/wordpress/posts.rb', line 75</span>
<span class='kw'>def</span> <span class='id identifier rubyid_wordpress_post_id_comments_enabled?'>wordpress_post_id_comments_enabled?</span><span class='lparen'>(</span><span class='id identifier rubyid_post_id'>post_id</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_wordpress_helper_check_post_id'>wordpress_helper_check_post_id</span><span class='lparen'>(</span><span class='id identifier rubyid_wordpress_url_post'>wordpress_url_post</span><span class='lparen'>(</span><span class='id identifier rubyid_post_id'>post_id</span><span class='rparen'>)</span><span class='comma'>,</span> <span class='kw'>true</span><span class='comma'>,</span> <span class='id identifier rubyid_login_cookie'>login_cookie</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</body>
</html>