http/vulnerabilities/wordpress/wordpress-rdf-user-enum.yaml

id: wordpress-rdf-user-enum

info:
  name: Wordpress RDF User Enumeration
  author: r3dg33k
  severity: info
  description: Leaked Wordpress RDF leads to User Emumeration.
  metadata:
    max-request: 1
  tags: wordpress,enum

http:
  - method: GET
    path:
      - '{{BaseURL}}/feed/rdf'

    host-redirects: true

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "application/rdf+xml"

      - type: word
        part: body
        words:
          - "<rdf:RDF"
          - "<dc:creator>"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '<dc\:creator><\!\[CDATA\[(.*?)\]\]></dc'
# digest: 4a0a0047304502207632fd44ca378bbf59e176a8c8425fb67a24af24b88eee0a8976556b7aa271e1022100d799fe266806647f745dcd0d6cdaf5e3d9f8b09f81ea4151e2095707ad3780bb:922c64590222798bb761d5b6d8e72950
updating file name 2021-11-04 15:43:49 +05:30			`id: wordpress-rdf-user-enum`
Update and rename wordpress-rdf-user-enum.yaml to rdf-user-enumeration.yaml 2021-11-01 15:37:58 +05:30
Add files via upload 2021-10-30 13:46:56 +03:00			`info:`
Update and rename wordpress-rdf-user-enum.yaml to rdf-user-enumeration.yaml 2021-11-01 15:37:58 +05:30			`name: Wordpress RDF User Enumeration`
Add files via upload 2021-10-30 13:46:56 +03:00			`author: r3dg33k`
			`severity: info`
Updated descriptions of templates 2024-01-02 21:15:12 +05:30			`description: Leaked Wordpress RDF leads to User Emumeration.`
Added max request counter of each template 2023-04-28 13:41:21 +05:30			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 16:57:55 +05:30			`tags: wordpress,enum`
Update wordpress-rdf-user-enum.yaml 2021-10-30 13:57:53 +03:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 09:58:59 +05:30			`http:`
Add files via upload 2021-10-30 13:46:56 +03:00			`- method: GET`
			`path:`
			`- '{{BaseURL}}/feed/rdf'`
templateman update 2023-10-14 16:57:55 +05:30
Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-08 02:57:25 +05:30			`host-redirects: true`
Add files via upload 2021-10-30 13:46:56 +03:00
			`matchers-condition: and`
			`matchers:`
Update wordpress-rdf-user-enum.yaml 2021-11-01 15:30:54 +05:30			`- type: word`
			`part: header`
			`words:`
			`- "application/rdf+xml"`

			`- type: word`
			`part: body`
			`words:`
			`- "<rdf:RDF"`
			`- "<dc:creator>"`
			`condition: and`
Update wordpress-rdf-user-enum.yaml 2021-11-01 15:33:06 +05:30
Add files via upload 2021-10-30 13:46:56 +03:00			`- type: status`
			`status:`
			`- 200`
Update wordpress-rdf-user-enum.yaml 2021-10-30 13:57:53 +03:00
Add files via upload 2021-10-30 13:46:56 +03:00			`extractors:`
			`- type: regex`
			`part: body`
Update wordpress-rdf-user-enum.yaml 2021-11-01 15:30:54 +05:30			`group: 1`
Add files via upload 2021-10-30 13:46:56 +03:00			`regex:`
updating file name 2021-11-04 15:43:49 +05:30			`- '<dc\:creator><\!\[CDATA\[(.*?)\]\]></dc'`
chore: sign templates 🤖 2024-12-01 13:57:55 +00:00			`# digest: 4a0a0047304502207632fd44ca378bbf59e176a8c8425fb67a24af24b88eee0a8976556b7aa271e1022100d799fe266806647f745dcd0d6cdaf5e3d9f8b09f81ea4151e2095707ad3780bb:922c64590222798bb761d5b6d8e72950`