wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Fix/handle invalid wp json response #1818

Open alexsanford opened 10 months ago

alexsanford commented 10 months ago

Fixes #1817

Testing instructions

Add the following code snippet to the WordPress site to simulate an unusual string response from the JSON API.

add_action( 'rest_api_init', function( $wp_rest_server ) { die( '404' ); } );

Run WPScan against the site and try to enumerate users (-e u). It should not crash.
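
The case these testing instructions simulate, as an added example that is not code from this PR or from WPScan: a body such as `404` can parse as a JSON number instead of raising, so a parse-error rescue alone does not protect code that expects an array of user objects. The helper name and the sample bodies are constructed for illustration; `/wp-json/wp/v2/users` and the `slug` field are the standard WordPress REST API users route and user field.

```ruby
require 'json'

# Hypothetical helper (not WPScan's implementation): pull usernames out of the
# body returned by /wp-json/wp/v2/users, tolerating any unexpected body.
def usernames_from_rest_body(body)
  data = begin
    JSON.parse(body.to_s)
  rescue JSON::ParserError
    return [] # HTML error page, empty body, truncated JSON
  end

  # "404" parses to Integer 404, "null" to nil, an error reply to a Hash.
  # Only an Array of user objects is usable for enumeration.
  return [] unless data.is_a?(Array)

  data.each_with_object([]) do |entry, names|
    next unless entry.is_a?(Hash)      # skip stray scalars inside the array

    slug = entry['slug']
    next unless slug.is_a?(String) && !slug.empty?

    names << slug unless names.include?(slug)
  end
end

# Constructed sample bodies, one per failure mode plus one valid response.
SAMPLE_BODIES = {
  bare_number: '404',
  html_page:   '<html><body>Not Found</body></html>',
  error_hash:  '{"code":"example_error","message":"constructed","data":{"status":404}}',
  json_null:   'null',
  empty:       '',
  valid_mixed: '[{"id":1,"slug":"admin"},"junk",{"id":2},{"id":3,"slug":"editor"},{"id":4,"slug":"admin"}]'
}.freeze

def enumerate_samples
  SAMPLE_BODIES.transform_values { |body| usernames_from_rest_body(body) }
end

if __FILE__ == $PROGRAM_NAME
  enumerate_samples.each { |label, users| puts "#{label}: #{users.inspect}" }
end
```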

coveralls commented 10 months ago

Coverage Status

coverage: 85.984% (+0.02%) from 85.966% when pulling d2841dbf5acd0ef58f4a9b76d4372db4900915b0 on fix/handle-invalid-wp-json-response into 96b6b81d7813194658cdd8ded7b8834c5e5437af on master.