id: drupal-user-enum-ajax info: name: Drupal User Enumration [Ajax] author: 0w4ys severity: info metadata: max-request: 4 shodan-query: http.component:"drupal" tags: drupal,misconfig http: - method: GET path: - "{{BaseURL}}/admin/views/ajax/autocomplete/user/a" - "{{BaseURL}}/views/ajax/autocomplete/user/a" - "{{BaseURL}}/?q=admin/views/ajax/autocomplete/user/a" - "{{BaseURL}}/?q=views/ajax/autocomplete/user/a" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - '":"a.' - '":"A.' part: body - type: word words: - "application/json" part: header - type: status status: - 200 extractors: - type: regex part: body regex: - '"[\w \-\_\@\.]+\"'