/spec/lib/msf/http/wordpress/login_spec.rb

https://github.com/debbiemezyene/metasploit-framework · Ruby · 73 lines · 59 code · 13 blank · 1 comment · 1 complexity · bf655c61bfdc7af765ce8a86b91deada MD5 · raw file

  1. # -*- coding:binary -*-
  2. require 'spec_helper'
  3. require 'msf/core'
  4. require 'msf/core/exploit'
  5. require 'rex/proto/http/response'
  6. require 'msf/http/wordpress'
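  # Specs for Msf::HTTP::Wordpress::Login#wordpress_login.
  #
  # No HTTP request is made: send_request_cgi is stubbed and returns a canned
  # 301 response whose Location and Set-Cookie headers are driven by the
  # wp_redirect and wp_cookie `let` values of each context. All cookie values
  # below are constructed fixtures.
  describe Msf::HTTP::Wordpress::Login do
    # A bare exploit module extended with the Wordpress mixin under test.
    subject do
      mod = ::Msf::Exploit.new
      mod.extend ::Msf::HTTP::Wordpress
      # NOTE(review): presumably re-runs initialize so the mixin's setup is
      # applied to the already-built object -- confirm against the mixin.
      mod.send(:initialize)
      mod
    end

    describe '#wordpress_login' do
      before :each do
        # Stand-in for the login POST. By default the response redirects to the
        # redirect_to value the caller posted; a context can override the
        # target through wp_redirect.
        allow(subject).to receive(:send_request_cgi) do |opts|
          res = Rex::Proto::Http::Response.new
          res.code = 301
          res['Location'] = wp_redirect || opts['vars_post']['redirect_to']
          res['Set-Cookie'] = wp_cookie
          res.body = 'My Homepage'
          res
        end
      end

      # nil means "echo the posted redirect_to back in Location".
      let(:wp_redirect) { nil }

      # --- cookie names that must be accepted as a successful login ---

      context 'when current Wordpress' do
        let(:wp_cookie) { 'wordpress_logged_in_1234=1234;' }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end

      context 'when current Wordpress sec cookie' do
        let(:wp_cookie) { 'wordpress_sec_logged_in_1234=1234;' }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end

      context 'when Wordpress 2.5' do
        let(:wp_cookie) { 'wordpress_asdf=1234;' }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end

      context 'when Wordpress 2.0 user cookie' do
        let(:wp_cookie) { 'wordpressuser_1234=1234;' }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end

      context 'when Wordpress 2.0 pass cookie' do
        let(:wp_cookie) { 'wordpresspass_1234=1234;' }
        it { expect(subject.wordpress_login('user', 'pass')).to eq(wp_cookie) }
      end

      # --- responses that must NOT be treated as a login ---

      # Expected redirect, but a cookie name that is not a Wordpress auth cookie.
      context 'when invalid login' do
        let(:wp_cookie) { 'invalid=cookie;' }
        it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
      end

      # Unexpected redirect target paired with a cookie that the
      # 'when current Wordpress' context accepts. With an invalid cookie here
      # (as before) the example would also pass if the Location header were
      # never inspected, so it could not detect a missing redirect check.
      # NOTE(review): assumes wordpress_login compares Location with the
      # redirect_to it posted; the implementation is not visible in this file.
      context 'when invalid redirect' do
        let(:wp_cookie) { 'wordpress_logged_in_1234=1234;' }
        let(:wp_redirect) { '/invalid/redirect' }
        it { expect(subject.wordpress_login('invalid', 'login')).to be_nil }
      end
    end
  end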