We have recently seen WordPress User name enumeration Vulnerability disclosure here http://seclists.org/fulldisclosure/2011/May/493
Versions Effected are : 2.6, 3.1, 3.1.1, 3.1.3
Here i am enclosing a simple PoC which could be run on Bash Shell.
(Note : PoC on python is already available for those who are curious)
[github userid=”anantshri” repoid=”script-collection” path=”wp-user-enum.sh” language=”bash”]
Code could be download from here : https://github.com/anantshri/script-collection/blob/master/wp-user-enum.sh
Pingback: protection wordpress username enumeration | Anant Shrivastava : Techno Enthusiast