daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/wordpress/wp-user-enum.yaml

64 lines
2.1 KiB
YAML
Raw Permalink Blame History

id: wp-user-enum
info:
name: WordPress REST API User Enumeration
author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
severity: low
description: |
The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
impact: |
An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering.
remediation: |
Install a WordPress plugin such as Stop User Enumeration. Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.
reference:
- https://www.acunetix.com/vulnerabilities/web/wordpress-rest-api-user-enumeration/
- https://wordpress.org/plugins/stop-user-enumeration/
- https://www.afteractive.com/wordpress-user-enumeration-vulnerability/
classification:
cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: wordpress
product: wordpress
shodan-query:
- http.component:"WordPress"
- http.component:"wordpress"
- cpe:"cpe:2.3:a:wordpress:wordpress"
tags: cve2017,cve,wordpress,wp,edb
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/wp/v2/users/"
- "{{BaseURL}}/?rest_route=/wp/v2/users/"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"id":'
- '"name":'
- '"avatar_urls":'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: json
name: "usernames"
json:
- '.[] | .slug'
- '.[].name'
part: body
# digest: 490a00463044022009bb753e6f7a72783499355eaf86334158ca07d77b4fac18c094fc06600bc2a602200eb3afc59444619644508da0157007a9623b1e8d98f39354962e16cfadeb3228:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink