Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Wordpress User Enumeration

By kannthu

Informative
Vidoc logoVidoc Module
#wordpress
Description

Wordpress User Enumeration

What is the "Wordpress User Enumeration?"

The "Wordpress User Enumeration" module is designed to detect user enumeration vulnerabilities in Wordpress websites. It targets Wordpress, a popular content management system (CMS) used for creating websites and blogs. This module is classified as informative, meaning it provides information about potential vulnerabilities but does not actively exploit them. The original author of this module is r3dg33k.

Impact

User enumeration vulnerabilities in Wordpress can allow attackers to gather sensitive information about the website's users, such as usernames and email addresses. This information can be used for further attacks, such as brute-forcing login credentials or launching targeted phishing campaigns.

How the module works?

The "Wordpress User Enumeration" module works by sending a specific HTTP request to the target Wordpress website and analyzing the response. It checks if the response contains a redirect header with a specific format, indicating that user enumeration is possible. The module uses the following matching conditions:

- The response header must match the regular expression pattern: (?i)Location: http(s|):\\/\\/[\\w\\.\\-]+\\/author\\/\\w+

- The response status code must be 301 (Moved Permanently)

By analyzing the response headers and status code, the module can determine if the target Wordpress website is vulnerable to user enumeration.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/?author=1
Matching conditions
regex: (?i)Location: http(s|):\/\/[\w\.\-]+\/au...and
status: 301
Passive global matcher
No matching conditions.
On match action
Report vulnerability