
/spec/lib/msf/http/wordpress/login_spec.rb

https://github.com/debbiemezyene/metasploit-framework
# -*- coding:binary -*-
require 'spec_helper'

require 'msf/core'
require 'msf/core/exploit'
require 'rex/proto/http/response'
require 'msf/http/wordpress'

# Specs for #wordpress_login as exposed through the Msf::HTTP::Wordpress mixin.
#
# No HTTP traffic is generated: send_request_cgi is stubbed and answers every
# request with a canned 301 response whose Location and Set-Cookie headers are
# controlled by the `wp_redirect` and `wp_cookie` lets of each context.
describe Msf::HTTP::Wordpress::Login do
  # A bare exploit module extended with the WordPress mixin; initialize is
  # re-sent after the extend, as in the original setup.
  subject do
    ::Msf::Exploit.new.tap do |exploit|
      exploit.extend ::Msf::HTTP::Wordpress
      exploit.send(:initialize)
    end
  end

  describe '#wordpress_login' do
    # Default: no override, so the stub echoes the redirect_to POST variable.
    let(:wp_redirect) { nil }

    before do
      allow(subject).to receive(:send_request_cgi) do |opts|
        response = Rex::Proto::Http::Response.new
        response.code = 301
        # An explicit wp_redirect wins; otherwise mirror the redirect target
        # that the login request itself submitted.
        response['Location'] = wp_redirect || opts['vars_post']['redirect_to']
        response['Set-Cookie'] = wp_cookie
        response.body = 'My Homepage'
        response
      end
    end

    # Cookie names the helper is expected to accept, keyed by context label.
    # In each case the whole cookie string must be returned unchanged.
    {
      'when current Wordpress' => 'wordpress_logged_in_1234=1234;',
      'when current Wordpress sec cookie' => 'wordpress_sec_logged_in_1234=1234;',
      'when Wordpress 2.5' => 'wordpress_asdf=1234;',
      'when Wordpress 2.0 user cookie' => 'wordpressuser_1234=1234;',
      'when Wordpress 2.0 pass cookie' => 'wordpresspass_1234=1234;'
    }.each do |label, cookie|
      context label do
        let(:wp_cookie) { cookie }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end
    end

    # A cookie whose name is not one of the WordPress names above must not be
    # reported as a successful login, even though the redirect matches.
    context 'when invalid login' do
      let(:wp_cookie) { 'invalid=cookie;' }
      it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
    end

    # NOTE(review): this context changes the redirect AND uses a non-WordPress
    # cookie, so a nil result does not show on its own that the Location header
    # is what caused the rejection. Pairing the bad redirect with one of the
    # accepted cookies would isolate that check - confirm against the helper.
    context 'when invalid redirect' do
      let(:wp_cookie) { 'invalid=cookie;' }
      let(:wp_redirect) { '/invalid/redirect' }
      it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
    end

  end

end