Nmap Development mailing list archives
Re: [NSE] http-drupal-users
From: Djalal Harouni <tixxdz () opendz org>
Date: Wed, 21 Mar 2012 11:52:59 +0100
On Tue, Mar 20, 2012 at 11:45:11PM -0400, Patrik Karlsson wrote:
> On Tue, Mar 20, 2012 at 4:26 AM, M. Hani Benhailes <kroosec () gmail com> wrote:
>> Hi list,
>>
>> Attached is a script for Drupal usernames enumeration.
>>
>> description = [[
>> Enumerates Drupal users by exploiting an information disclosure vulnerability
>> in Views, Drupal's most popular module.
>>
>> Requests to admin/views/ajax/autocomplete/user/STRING return all usernames
>> that begin with STRING. The script works by iterating STRING over letters to
>> extract all usernames.
>>
>> For more information, see:
>> * http://www.madirish.net/node/465
>> ]]
>>
>> --@output
>> -- Interesting ports on some.web.site (123.123.123.123):
>> -- PORT   STATE SERVICE REASON
>> -- 80/tcp open  http    syn-ack
>> -- | http-drupal-users:
>> -- |   admin
>> -- |   alex
>> -- |   manager
>> -- |_  user
>>
>> Cheers,
>> Hani.
>>
>> --
>> M. Hani Benhabiles
>> OWASP Algeria Student Chapter: Founder/President.
>> http://www.owaspalgeriasc.org
>> https://www.owasp.org/index.php/Algeria_Student_Chapter
>> Email: hani.benhabiles () owasp org
>> Twitter: https://twitter.com/#!/kroosec
>> Blog: http://kroosec.blogspot.com
>> _______________________________________________
>> Sent through the nmap-dev mailing list
>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>> Archived at http://seclists.org/nmap-dev/
>
> Great work Hani!
> I tested the script against a few sites and it worked great.
> I've committed the script as r28309 with some minor changes.

Patrik, the script was committed as http-drupal-users-enum.nse but usage
examples and arguments are using 'http-drupal-users', output tag also.

Thanks Hani, Patrik.

--
tixxdz
http://opendz.org
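
For defenders, the prefix iteration described in the quoted script description leaves a recognizable pattern in web server logs. The following is an added example, not part of this thread or of the Nmap script: it flags clients that request many distinct prefixes under the autocomplete path. The Common Log Format layout, the threshold of 5 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path taken from the script description quoted above; the captured group is STRING.
# No leading slash, so both clean URLs and "?q=admin/views/..." requests match.
AUTOCOMPLETE = re.compile(r"admin/views/ajax/autocomplete/user/([^/?&\s]*)")
# Assumed layout: Common/Combined Log Format (client IP first, request line quoted).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')


def find_enumeration(lines, min_prefixes=5):
    """Return {client_ip: sorted prefixes} for clients probing many distinct prefixes."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, url, _status = m.groups()
        hit = AUTOCOMPLETE.search(url)
        if hit:
            seen[ip].add(hit.group(1).lower())
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= min_prefixes}


def _line(ip, path, status=200):
    """Build one constructed log line in the assumed format."""
    return f'{ip} - - [21/Mar/2012:11:00:00 +0100] "GET {path} HTTP/1.1" {status} 120'


# Constructed sample: one client walks the alphabet, another does a single lookup.
SAMPLE_LOG = [_line("198.51.100.7", f"/admin/views/ajax/autocomplete/user/{c}")
              for c in "abcdefg"]
SAMPLE_LOG += [
    _line("203.0.113.9", "/admin/views/ajax/autocomplete/user/al"),
    _line("203.0.113.9", "/node/1"),
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, prefixes in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(prefixes)} distinct autocomplete prefixes: {prefixes}")
```

A single autocomplete lookup from an editor's browser stays below the threshold, while a client stepping through letters is reported with the prefixes it tried.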