http-drupal-enum-users
脚本使用类型:
portrule
脚本所属分类:
discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-drupal-enum-users.nse
Enumerates Drupal users by exploiting a an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.
For more information,see: * http://www.madirish.net/node/465
base path. Defaults to "/"
执行格式
nmap --script=http-drupal-enum-users --script-args http-drupal-enum-users.root="/path/" <targets>
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-drupal-enum-users: | admin | alex | manager |_ user
Author: Hani Benhabiles
License: VER007 整理 http://www.ver007.com