/spec/lib/msf/http/wordpress/login_spec.rb

https://github.com/debbiemezyene/metasploit-framework · Ruby · 73 lines · 59 code · 13 blank · 1 comment · 1 complexity · bf655c61bfdc7af765ce8a86b91deada MD5 · raw file 

    

  1. # -*- coding:binary -*-
    2. 

  2. require 'spec_helper'
    3. 

  3. 

  4. require 'msf/core'
    5. 

  5. require 'msf/core/exploit'
    6. 

  6. require 'rex/proto/http/response'
    7. 

  7. require 'msf/http/wordpress'
    8. 

  8. 

  9. describe Msf::HTTP::Wordpress::Login do
    10. 

  10.   subject do
    11. 

  11.     mod = ::Msf::Exploit.new
    12. 

  12.     mod.extend ::Msf::HTTP::Wordpress
    13. 

  13.     mod.send(:initialize)
    14. 

  14.     mod
    15. 

  15.   end
    16. 

  16. 

  17.   describe '#wordpress_login' do
    18. 

  18.     before :each do
    19. 

  19.       allow(subject).to receive(:send_request_cgi) do |opts|
    20. 

  20.         res = Rex::Proto::Http::Response.new
    21. 

  21.         res.code = 301
    22. 

  22.         if wp_redirect
    23. 

  23.           res['Location'] = wp_redirect
    24. 

  24.         else
    25. 

  25.           res['Location'] = opts['vars_post']['redirect_to']
    26. 

  26.         end
    27. 

  27.         res['Set-Cookie'] = wp_cookie
    28. 

  28.         res.body = 'My Homepage'
    29. 

  29.         res
    30. 

  30.       end
    31. 

  31.     end
    32. 

  32. 

  33.     let(:wp_redirect) { nil }
    34. 

  34. 

  35.     context 'when current Wordpress' do
    36. 

  36.       let(:wp_cookie) { 'wordpress_logged_in_1234=1234;' }
    37. 

  37.       it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
    38. 

  38.     end
    39. 

  39. 

  40.     context 'when current Wordpress sec cookie' do
    41. 

  41.       let(:wp_cookie) { 'wordpress_sec_logged_in_1234=1234;' }
    42. 

  42.       it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
    43. 

  43.     end
    44. 

  44. 

  45.     context 'when Wordpress 2.5' do
    46. 

  46.       let(:wp_cookie) { 'wordpress_asdf=1234;' }
    47. 

  47.       it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
    48. 

  48.     end
    49. 

  49. 

  50.     context 'when Wordpress 2.0 user cookie' do
    51. 

  51.       let(:wp_cookie) { 'wordpressuser_1234=1234;' }
    52. 

  52.       it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
    53. 

  53.     end
    54. 

  54. 

  55.     context 'when Wordpress 2.0 pass cookie' do
    56. 

  56.       let(:wp_cookie) { 'wordpresspass_1234=1234;' }
    57. 

  57.       it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
    58. 

  58.     end
    59. 

  59. 

  60.     context 'when invalid login' do
    61. 

  61.       let(:wp_cookie) { 'invalid=cookie;' }
    62. 

  62.       it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
    63. 

  63.     end
    64. 

  64. 

  65.     context 'when invalid redirect' do
    66. 

  66.       let(:wp_cookie) { 'invalid=cookie;' }
    67. 

  67.       let(:wp_redirect) { '/invalid/redirect' }
    68. 

  68.       it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
    69. 

  69.     end
    70. 

  70. 

  71.   end
    72. 

  72. 

  73. end
    74.