Nmap Development mailing list archives
Re: [SCRIPT] http-wordpress-enum.nse: improvements.
From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Aug 2012 09:28:28 -0700
On Sat, Aug 04, 2012 at 03:41:34PM +0200, Eugenio Delfa wrote:
Hi, I've found some cases (due to wp themes) that instead of 404/30x expected code, I get a 200 HTTP code and "http://www.example.com/author/feed/" HREF link for a non existant ID. With ([^/]*) instead of (.-) pattern, this problem is solved. On the other hand, in some pentesting process, we may need to retrieve all usernames. So for this I added 'threshold' parameter, for limit=0 value. In this particular case, we still enumerating until reach 'threshold' invalid ID's .
Could you please make these as two separate patches, and make the patches with "svn diff" or "diff -u"? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [SCRIPT] http-wordpress-enum.nse: improvements. Eugenio Delfa (Aug 04)
- Re: [SCRIPT] http-wordpress-enum.nse: improvements. Ron (Aug 04)
- Re: [SCRIPT] http-wordpress-enum.nse: improvements. David Fifield (Aug 07)