Welcome to WebmasterWorld Guest from 54.147.44.13

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Indy Library

     
12:21 pm on Sep 14, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


This thing been around for ages.
Not sure that I've even seen one in the past six months.

I'm more curious about the vulnerability (search) term?
Anybody have a clue?

80.82.68.83 - - [14/Sep/2012:11:05:53 +0100] "GET /?author=1 HTTP/1.1" 403 559 "-" "Mozilla/3.0 (compatible; Indy Library)"


author= one thru ten was requested.
4:55 am on Sept 15, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 18, 2010
posts: 49
votes: 0


There's a mention about the user enumeration on WordPress here:
[question-defense.com...]

It's adviced to block it via .htaccess


WordPress 3.3.1 User Count Enumeration - WordPress version 3.3.1 suffers from a user count enumeration vulnerability.
[packetstormsecurity.org...]

WordPress UserId & Username Enumeration Exploit/PoC Script
[riyazwalikar.com...]

Wordpress Brute Force and User Enumeration Utility
[metasploit.com...]
9:29 am on Sept 15, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


"There's a mention about the user enumeration on WordPress here: "

Many thanks.

That fits, as per other WP vulnerability checks from other IP's and UA's.
3:52 am on Sept 17, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 18, 2010
posts: 49
votes: 0


You're welcome :)