
WordPress User Enumeration

Posted on 25 April 2011

#(+)Exploit Title: Wordpress Abuse of Functionality Vulnerability
#(+)Created By: ^Xecuti0n3r
#(+) Date : 23.04.2011
#(+) Hour : 13:37 PM
#(+) E-mail : xecuti0n3r()yahoo.com

Abuse of Functionality (WASC-42):-

Login username enumeration is possible in Wordpress using a functionality provided by Wordpress itself ;)

Go to: https://site.com/wp-login.php

Case 1: Enter Wrong Username + Wrong Password.
You'll get an error stating: "ERROR: Invalid username."
--> Which states that the username does not exist.

Case 2: Enter Correct Username + Wrong Password.
You'll get an error stating: "ERROR: The password you entered for the username <Entered_username> is incorrect."
This symbolises that the entered username is valid but the password is wrong.

This process can be automated, because it is not protected by captcha. :)

#######################
(+)Exploit Coded by: ^Xecuti0n3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
#######################

 
