File `http-drupal-enum-users`

脚本使用类型: portrule
脚本所属分类: discovery, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-drupal-enum-users.nse

User Summary

Enumerates Drupal users by exploiting a an information disclosure vulnerability in Views, Drupal's most popular module.

Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.

For more information,see: * http://www.madirish.net/node/465

Script Arguments

http-drupal-enum-users.root

base path. Defaults to "/"

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

执行格式

nmap --script=http-drupal-enum-users --script-args http-drupal-enum-users.root="/path/" <targets>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-drupal-enum-users: 
|   admin 
|   alex
|   manager
|_  user

Requires

Author: Hani Benhabiles

License: VER007 整理 http://www.ver007.com

File http-drupal-enum-users