Nmap Development mailing list archives
Re: http-wordpress-enum or (http-wordpress-users)
From: Paulino Calderon Pale <calderon () websec mx>
Date: Wed, 11 Feb 2015 11:42:56 -0600
Hey Thierry,

Thanks for the idea. I remember I got that URL from an advisory and it worked well during testing. I will implement your patch and test it.

PS. I'm cc'ing the mailing list in case anyone knows other links we could use to extract users.

Cheers!
On Feb 11, 2015, at 8:08 AM, thierry schmit <thierry.schmit () gmail com> wrote:

Hello,

I would like to suggest an improvement to your script in the function get_wp_user:

  local function get_wp_user(host, port, path, id)
    stdnse.print_debug(2, "%s: Trying to get username with id %s", SCRIPT_NAME, id)
    -- WordPress resolves ?author=<id> to that author's archive page.
    local req = http.get(host, port, path.."?author="..id, { no_cache = true })
    if req.status then
      stdnse.print_debug(1, "%s: User id #%s returned status %s", SCRIPT_NAME, id, req.status)
      if req.status == 301 then
        -- Redirect to .../author/<name>/: the name is the last path component.
        local _, _, user = string.find(req.header.location, 'https?://.*/.*/(.*)/')
        return user
      elseif req.status == 200 then
        -- Users with no posts get a 200 response, but the name is in an RSS link.
        -- http://seclists.org/nmap-dev/2011/q3/812
        local _, _, user = string.find(req.body, 'https?://.-/author/(.-)/feed/')
        if user == nil then
          -- Fallback: the author-<name> class WordPress puts on the <body> element.
          _, _, user = string.find(req.body, 'body .- author%-(%a-) ')
        end
        return user
      end
    end
    return false
  end

This allows the script to work with at least WordPress 4.0.

Thank you for the script,
thierry
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
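The three extraction paths discussed in the thread (301 redirect to the author archive, 200 with the author RSS feed link, 200 with only the body class), run offline against constructed responses. This is an added example, not the NSE script or Thierry's patch: it ports the Lua patterns to Python regular expressions (Lua `.-` becomes `.*?`, `%a-` becomes `[A-Za-z]*?`) and drives them with a fake fetcher instead of http.get. The host name, user names and HTML fixtures are constructed for the demo; the fixture for author ID 5 is included to show a caveat that follows from the pattern itself: the body-class fallback, as written, only captures purely alphabetic names, so a name containing a digit is missed.

```python
import re
from typing import Callable, Dict, Optional, Tuple

# Patterns ported from the Lua in the patch above. Lua '.' matches newlines, so
# the body patterns use re.S to keep the same semantics.
LOCATION_RE = re.compile(r"https?://.*/.*/(.*)/")                      # 301 Location header
FEED_RE = re.compile(r"https?://.*?/author/(.*?)/feed/", re.S)       # 200: author RSS link
BODY_CLASS_RE = re.compile(r"body .*? author-([A-Za-z]*?) ", re.S)   # 200: <body class="... author-<name> ...">

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)


def extract_user(status: int, headers: Dict[str, str], body: str) -> Optional[str]:
    """Return the author name revealed by one ?author=<id> response, or None."""
    if status == 301:
        m = LOCATION_RE.search(headers.get("location", ""))
        return m.group(1) if m else None
    if status == 200:
        # Users with no posts are not redirected; the name is in the feed link,
        # or failing that in the body class (the WordPress 4.0 case from the patch).
        m = FEED_RE.search(body)
        if m:
            return m.group(1)
        m = BODY_CLASS_RE.search(body)
        return m.group(1) if m else None
    return None


def enumerate_users(fetch: Callable[[int], Response], max_id: int) -> Dict[int, str]:
    """Walk author IDs 1..max_id and collect every name that leaks."""
    found: Dict[int, str] = {}
    for author_id in range(1, max_id + 1):
        status, headers, body = fetch(author_id)
        user = extract_user(status, headers, body)
        if user:
            found[author_id] = user
    return found


# Constructed fixtures standing in for live responses to /?author=<id>.
FIXTURES: Dict[int, Response] = {
    # Author with posts: redirected to the pretty author URL.
    1: (301, {"location": "http://blog.example/author/admin/"}, ""),
    # Author without posts, theme still emits the author feed link.
    2: (200, {}, '<link rel="alternate" type="application/rss+xml" '
                 'href="http://blog.example/author/editor/feed/" />\n'
                 '<body class="archive author author-editor author-2 hfeed">'),
    # Author without posts and no feed link: only the body class leaks the name.
    3: (200, {}, '<body class="archive author author-guest author-3 hfeed">'),
    # Nonexistent author ID.
    4: (404, {}, "<h1>Not Found</h1>"),
    # Name with a digit: the [A-Za-z]*? fallback cannot match it.
    5: (200, {}, '<body class="archive author author-jdoe2 author-5 hfeed">'),
}


def fake_fetch(author_id: int) -> Response:
    """Offline stand-in for http.get(host, port, path .. "?author=" .. id)."""
    return FIXTURES.get(author_id, (404, {}, ""))


if __name__ == "__main__":
    for author_id, name in sorted(enumerate_users(fake_fetch, 6).items()):
        print(f"author id {author_id}: {name}")
```

Running it lists admin, editor and guest for IDs 1 to 3 and nothing for ID 5, which is the case a wider fallback class (for example `[%w%-]` in Lua) would catch.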