Elohim Posted February 21, 2014 Report Posted February 21, 2014 Pentru cei care nu le mai mergea bine GET ( site/?author=1 ) cand incercau sa preia userul admin pentru folosinte ulterioare.Stop User Enumeration is a WordPress plugin that provides protectionagainst an unauthenticated attacker gaining a list of all WordPress users.This information can aid an attacker in further attacks against the websiteincluding brute-force password guessing attacks. This can be performedusing wp-scan.Homepage: http://wordpress.org/plugins/stop-user-enumeration/Version: 1.2.4 (latest)According to the full disclosure methodology I have publicly disclosedthis at the same time as notifying the vendor.Advisory-------------An attacker can bypass the username enumeration protection by using POSTrequests. The protection currently only stops GET requests to enumerateusers.By sending POST requests with the body of "author=1" and incrementing thenumber over successive requests, the entire set of WordPress users can beenumerated.The WordPress user information is disclosed in the HTML response body,unlike being disclosed in the redirect header, as with GET requests. 1. POST / HTTP/1.1 Host: www.wordpress.com Content-Type: application/x-www-form-urlencoded Content-Length: 8 author=1WordPress Stop User Enumeration 1.2.4 Bypass ? Packet Storm Quote
