Nmap Development mailing list archives
[NSE] http-drupal-users
From: "M. Hani Benhailes" <kroosec () gmail com>
Date: Tue, 20 Mar 2012 09:26:16 +0100
Hi list, Attached is a script for Drupal usernames enumeration. description = [[Enumerates Drupal users by exploiting a an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING.
The script works by iterating STRING over letters to extract all usernames. For more information,see: * http://www.madirish.net/node/465 ]] --@output -- Interesting ports on some.web.site (123.123.123.123): -- PORT STATE SERVICE REASON -- 80/tcp open http syn-ack -- | http-drupal-users: -- | admin -- | alex -- | manager -- |_ user Cheers, Hani. -- M. Hani Benhabiles OWASP Algeria Student Chapter: Founder/President. http://www.owaspalgeriasc.org https://www.owasp.org/index.php/Algeria_Student_Chapter Email: hani.benhabiles () owasp org Twitter: https://twitter.com/#!/kroosec Blog: http://kroosec.blogspot.com
Attachment:
http-drupal-users-enum.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-drupal-users M. Hani Benhailes (Mar 20)
- Re: [NSE] http-drupal-users Patrik Karlsson (Mar 20)
- Re: [NSE] http-drupal-users Djalal Harouni (Mar 21)
- Re: [NSE] http-drupal-users Patrik Karlsson (Mar 21)
- Re: [NSE] http-drupal-users Djalal Harouni (Mar 21)
- Re: [NSE] http-drupal-users Patrik Karlsson (Mar 20)