5.3
CVSSv3

CVE-2017-5487

Published: 15/01/2017 Updated: 21/11/2024

Vulnerability Summary

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 does not properly restrict listings of post authors, which allows remote malicious users to obtain sensitive information via a wp-json/wp/v2/users request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #852767 wordpress: 472 security release (CVE-2017-5610 CVE-2017-5611 CVE-2017-5612) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 27 Jan 2017 06:18:01 UTC Severity: grave Tags: fixed- ...
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API wordpress 471 limits this to only post types which have specified that they should be shown within the REST API ...

Exploits

#!usr/bin/php <?php #Author: Mateus aka Dctor #fb: fbcom/hatbashbr/ #E-mail: dctoralves@protonmailch #Site: mateuslinotk header ('Content-type: text/html; charset=UTF-8'); $url= "localhost/"; $payload="wp-json/wp/v2/users/"; $urli = file_get_contents($url$payload); $json = json_decode($urli, true); if($json){ echo "*--- ...

Github Repositories

WordPress CVE-2017-5487 Exploit in Python

WordPress CVE-2017-5487 Exploit in Python Usage Examples: python3 krpexploitpy -h python3 krpexploitpy --url examplesitecom

Penetration scripts developed for POCs in my studies and VAPT works

Pentest-Scripts Penetration scripts developed over my studies and VAPT works wordpress_cve_2017_5487py

CVE-2017-5487-vulnerability-on-NSBM Test site: nsbmaclk Found Vulnerability:- CVE-2017-5487 Usage Download this repository(githubcom/Ravindu-Priyankara/CVE-2017-5487-vulnerability-on-NSBMgit) git clone githubcom/Ravindu-Priyankara/CVE-2017-5487-vulnerability-on-NSBMgit unzip and go to this folder cd '{my github folder name/}'

Wordpress Username Enumeration /CVE-2017-5487,WordPress < 4.7.1 -

wpUsersScan About wpUsersScan Enumerate the users list of the wordpress websites through the REST API / CVE-2017-5487,WordPress &lt; 471 - Username Enumeration Usage $ python wpUsersScanpy URL How to install Clone Clone the repository with: $ git clone githubcom/R3K1NG/wpUsersScangit $ cd wpUsersScan $ python wpUsersS

WPEnum Part of Infohunt3r About WPEnum Enumerate the users list of the wordpress websites through the REST API / CVE-2017-5487,WordPress &lt; 471 - Username Enumeration Installation $ git clone githubcom/sechunt3r/wpenumgit $ cd wpenum $ python wpenumpy Usage $ python wpenumpy URL

Brutepress Wordpress Bruteforce based in CVE-2017-5487 DISCLAIMER: All the scripts should be used for authorized penetration testing and/or educational purposes only Any misuse of this software will not be the responsibility of the author or of any other collaborator Use it at your own networks and/or with the network owner's permission Brutepress will look for users e

Red Team: Summary of Operations Table of Contents Exposed Services Critical Vulnerabilities Exploitation Network Scan To Identify All Available Networks: nmap -sS -PO 1921681* Target Identified Name: Target 1 IP Address: 1921681110 Target Machine Scan Nmap scan results for each machine reveal the below services and OS details: nmap -sV 192168110 The scan

A PoC exploit for CVE-2017-5487 - WordPress User Enumeration.

CVE-2017-5487 - WordPress User Enumeration A vulnerability has been discovered in the REST API implementation of WordPress 47 before 471 This vulnerability is present in the class-wp-rest-users-controllerphp file located in wp-includes/rest-api/endpoints The flaw arises from inadequate restrictions placed on the listings of post authors, which can be exploited by remote a

Bridges l9explore and Nuclei

L9 Nuclei plugin This L9 plugin re-implements a limited Nuclei template parser and runner Checkout ProjectDiscovery's awesome network tools for more information This allows for l9explore to stick to deep-protocol inspections while taking advantage of well maintained templates for web application scanning Features Uses upstream tag fields from l9events to match against

Wordpress Username Enumeration /CVE-2017-5487,WordPress < 4.7.1 -

wpUsersScan About wpUsersScan Enumerate the users list of the wordpress websites through the REST API / CVE-2017-5487,WordPress &lt; 471 - Username Enumeration Usage $ python wpUsersScanpy URL How to install Clone Clone the repository with: $ git clone githubcom/ihebski/wpUsersScangit $ cd wpUsersScan $ python wpUsers

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Objective: Find, analyze, recreate, and document Three vulnerabilities affecting an old version of WordPress Pentesting Report 1 Authenticated XSS in comments (CVE-2019-9787) Summary: Wordpress did not properly filter comments, leading to remote code execution by unauthenticated user configuration Vulne

LeakIX maintained plugins implementing the l9format golang plugin interface.

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

Project 7 - WordPress Pen Testing Time spent: 15 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 (Required) Vulnerability Name or ID Summary: Vulnerability types: XSS (CVE-2015-5714) Tested in version: 42 (affects versions 40 - 43 Fixed in version: 425 GIF Walkth

CVE-2017-5487 Nama_Temuan -Target: [examplecom](lpbmteknokratacid/wp-json/wp/v2/users/] [seteknokratacid/wp-json/wp/v2/users/] -Severity: Medium (51) Deskripsi Deskripsi bla bla Impact Impact Impact Remendation Team IT bisa

POC of CVE-2017-5487 + tool

CVE-2017-5487 POC of CVE-2017-5487 + tool

l9explore - Digs the dirt

l9explore l9explore is a plugin based tool doing deep exploration on a wide range of protocols It can be used to expose leaks, misconfigurations and vulnerabilities on any IP network It is the last layer in the l9 tool suite Features Deep protocol exploration Plugin based system Low memory/CPU footprint Multistage (WIP) Current plugins Plugin Protocols Stage Descripti

The MRK WP REST Permissions Plugin

Fix Disclosure of Users Information via Wordpress API MRK Rest Permissions Plugin by MRK WP This plugin is a simple adjustment to make your user end points require authentication (serve 401) for non-logged in users without the edit post capability This is a perceived vulernability in WordPress The attacker will generally grab a list of users from the WordPress API, and then a

Wordpress xmlrpc.php自动爆破脚本

README 简介 简单的wordpress xmlrpcphp爆破脚本,可以自动从/wp/v2/users(CVE-2017-5487)接口获取用户名进行爆破,适用于大量的wordpress目标爆破 用法 1、自动从/wp/v2/users(CVE-2017-5487)接口获取用户名进行爆破 python3 wp_loginpy -u testcom -pwd passwordtxt -auto 2、指

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Objective: Find, analyze, recreate, and document Three vulnerabilities affecting an old version of WordPress Pentesting Report 1 Authenticated XSS in comments (CVE-2019-9787) Summary: Wordpress did not properly filter comments, leading to remote code execution by unauthenticated user configuration Vulne

Test |-- cqr |-- -7ab1fa06cc2b6337gif |-- directoryListmd |-- READMEmd |-- 0708 | |-- READMEmd |-- 0709 | |-- READMEmd | |-- 捕获PNG |-- 0710+11 | |-- copied from otherspy | |-- READMEmd |-- 0712 | |-- bling_inpy | |-- cve-2017-5487php | |-- pocpy | |-- READMEmd |-- 0713 |

This is a vulnerability in the Linux kernel that was discovered and disclosed in 2017.

CVE-2017-5487 is a vulnerability in the Linux kernel that was discovered and disclosed in 2017 The vulnerability allows a local attacker to gain root access to a system by exploiting a race condition in the key management subsystem of the kernel The vulnerability can be exploited by a user with a valid account on a affected system, and can be used to gain root privileges and

Codepath assignment 7

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE-2017-1001000 Summary: The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controllerphp in the REST API in WordPress 47x before 472 does no

wordpress

CVE-2017-5487 wordpress

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

wordpress

CVE-2017-5487py wordpress

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

Wordpress

Jhonsonwannaa-CVE-2017-5487 Wordpress

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

l9 suite stock plugins This repository contains LeakIX maintained plugins implementing the l9format golang plugin interface They are currently used by l9explore but could be implemented by Go security tool Current plugins Plugin Protocols Stage Description Author apachestatus_http http http Checks for apache status pages configjson_http http http Scans for valid c

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

CVE-2017-5487 Installation 📝 git clone githubcom/dream434/CVE-2017-5487 pip install -r requirementstxt Usage 🚀 python3 leak-wordpress-userpy -list urlstxt -number 10 Disclaimer ⚠️ Use this tool within a legal framework