[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
From: Maksymilian <max@xxxxxxx>
Date: Fri, 5 Jul 2013 11:16:20 +0200

>
>
> The corresponding trac entry for wordpress is closed as
> "wontfix":
> https://core.trac.wordpress.org/ticket/1129
>
> Why?
>
>
some people consider this as a security vulnerability but not everybody. eg
drupal

https://drupal.org/node/1004778

In Drupal, is the same problem. Using ctools, you can get username finding

(by [Username])

https://drupal.org/?q=ctools/autocomplete/node/1

(by Amazon)

PoC:
?q=ctools/autocomplete/node/[ID]

In my opinion, this should be fixed. This idea, may be very helpful to
create botnet based on brutal force CMS.


Maksymilian Arciemowicz
http://cxsecurity.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
  - From: Dan Ballance

Prev by Date: Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection
Next by Date: Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection
Previous by thread: Re: [Full-disclosure] eResourcePlanner Authentication Bypass/SQL Injection
Next by thread: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
Index(es):
- Date
- Thread