Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WordPress User Account Information Leak / Secunia Advisory SA23621

From: Dan Ballance <tzewang.dorje () gmail com>
Date: Fri, 5 Jul 2013 13:02:44 +0100
It seems crazy to me that WordPress is sensible enough to allow you to
change the default admin username to something other than "admin" - but
then so simply exposes that information to anyone that fancies scanning. I
ran wpscan last night across a couple of my installs and sure enough - my
renamed admin accounts show straight up. What a waste of time! :-/


On 5 July 2013 10:16, Maksymilian <max () cert cx> wrote:




The corresponding trac entry for wordpress is closed as
"wontfix":
https://core.trac.wordpress.org/ticket/1129

Why?



some people consider this as a security vulnerability but not everybody.
eg drupal

https://drupal.org/node/1004778

In Drupal, is the same problem. Using ctools, you can get username finding

(by [Username])

https://drupal.org/?q=ctools/autocomplete/node/1

(by Amazon)

PoC:
?q=ctools/autocomplete/node/[ID]

In my opinion, this should be fixed. This idea, may be very helpful to
create botnet based on brutal force CMS.


Maksymilian Arciemowicz
http://cxsecurity.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: