nuclei-templates

Added wordpress-email-leak.yaml

Open uiltonlopes opened this issue 2 years ago • 1 comments

Template / PR Information

  • The endpoint supports the parameter “search”. Its value is matched against all of a user’s fields, including the email address. With simple automation it is possible to discover each email address. The user information associated with a matched email will be returned in the JSON response.
  • References: https://www.gosecure.net/blog/2021/03/16/6-ways-to-enumerate-wordpress-users/

Template Validation

I've validated this template locally?

  • [x] YES
  • [ ] NO

Additional Details (leave it blank if not applicable)

Additional References:

uiltonlopes, Jul 16 '22 16:07
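A defender-side view of the behaviour described in the issue above, as an added example that is not part of the original issue or of the nuclei-templates project: it scans web access logs for clients sending many distinct `search` values to the WordPress REST users route. The route `/wp-json/wp/v2/users` (and its `rest_route` form) is an assumption taken from the referenced article, since the issue only says "the endpoint"; the log lines, addresses and the threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed route (from the referenced article); the issue only says "the endpoint".
USERS_ROUTE = re.compile(r"/wp-json/wp/v2/users/?$")
# Common/combined log format: client IP, timestamp, then the quoted request line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def users_search_term(target):
    """Return the decoded, lower-cased search term for a users-route search, else None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    path = parts.path
    if "rest_route" in query:  # query-string form of the same REST route
        path = "/wp-json" + query["rest_route"][0]
    if not USERS_ROUTE.search(path) or "search" not in query:
        return None
    return query["search"][0].lower()

def flag_enumeration(lines, min_distinct=5):
    """Map client IP -> sorted distinct search terms, for clients at or above the threshold."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "GET":
            continue
        term = users_search_term(m["target"])
        if term is not None:
            seen[m["ip"]].add(term)
    return {ip: sorted(terms) for ip, terms in seen.items() if len(terms) >= min_distinct}

# Constructed sample log lines (documentation address ranges, not real traffic).
_FMT = '{ip} - - [16/Jul/2022:16:07:00 +0000] "GET {target} HTTP/1.1" 200 312 "-" "-"'
SAMPLE_LOG = [
    _FMT.format(ip="203.0.113.7", target=f"/wp-json/wp/v2/users?search={t}") for t in "abcde"
] + [
    _FMT.format(ip="203.0.113.7", target="/?rest_route=/wp/v2/users&search=f"),
    _FMT.format(ip="198.51.100.20", target="/wp-json/wp/v2/users?search=editor"),
    _FMT.format(ip="198.51.100.20", target="/wp-json/wp/v2/posts?search=email"),
]

if __name__ == "__main__":
    for ip, terms in flag_enumeration(SAMPLE_LOG).items():
        print(ip, len(terms), terms)
```

Counting distinct terms rather than raw requests keeps a single repeated lookup from tripping the threshold; `min_distinct` needs tuning against normal traffic for the site.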

Hello @uiltonlopes, thank you so much for sharing this template with the community and contributing to this project 🍻

However, the above template will result in a lot of false positives; it will even match responses without any email addresses. Please let me know if you can provide the redacted debug data so that we can validate this template. Thanks.

princechaddha, Jul 18 '22 09:07

Closing this PR because of inactivity. Feel free to create another PR for this issue.

princechaddha, Sep 16 '22 11:09