Full Disclosure: Re: WordPress User Account Information Leak / Secunia Advisory SA23621

Re: WordPress User Account Information Leak / Secunia Advisory SA23621

From: Maksymilian <max () cert cx>
Date: Fri, 5 Jul 2013 11:16:20 +0200



The corresponding trac entry for wordpress is closed as
"wontfix":
https://core.trac.wordpress.org/ticket/1129

Why?

some people consider this as a security vulnerability but not everybody. eg
drupal

https://drupal.org/node/1004778

In Drupal, is the same problem. Using ctools, you can get username finding

(by [Username])

https://drupal.org/?q=ctools/autocomplete/node/1

(by Amazon)

PoC:
?q=ctools/autocomplete/node/[ID]

In my opinion, this should be fixed. This idea, may be very helpful to
create botnet based on brutal force CMS.


Maksymilian Arciemowicz
http://cxsecurity.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Maksymilian (Jul 05)
- Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 05)
  - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 adam (Jul 05)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 05)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Alex (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Ryan Dewhurst (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Dan Ballance (Jul 08)
    - Re: WordPress User Account Information Leak / Secunia Advisory SA23621 Maksymilian (Jul 05)