File `http-wordpress-enum`

脚本使用类型: portrule
脚本所属分类: auth, intrusive, vuln
脚本下载地址: http://nmap.org/svn/scripts/http-wordpress-enum.nse

User Summary

Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.

Original advisory:

http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure

Script Arguments

http-wordpress-enum.limit

Upper limit for ID search. Default: 25

http-wordpress-enum.out

If set it saves the username list in this file.

http-wordpress-enum.basepath

Base path to Wordpress. Default: /

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

执行格式

nmap -p80 --script http-wordpress-enum <target>
nmap -sV --script http-wordpress-enum --script-args limit=50 <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-wordpress-enum: 
| Username found: admin
| Username found: mauricio
| Username found: cesar
| Username found: lean
| Username found: alex
| Username found: ricardo
|_Search stopped at ID #25. Increase the upper limit if necessary with 'http-wordpress-enum.limit'

Requires

Author: Paulino Calderon

License: VER007 整理 http://www.ver007.com

File http-wordpress-enum