Web WP Rest Api Disclosure of Admin / Authors Username [Username Enumeration]

WujingKlaus · 15.02.2022

By default most Wordpress admin username is set to admin , but if not and your targetted wordpress site is does not restrict users from accessing parts of the site.
(no 403 protection)
You can mostly find the author / admin username here .

https://targeturl/wp-json/wp/v2/users

then try the names on wp-login.php with invalid password for accurate response ..
if username exist response will be ( invalid password for the user .)

runtim3 · 17.02.2022

Haha thanks this worked !

w3rd · 16.01.2023

WujingKlaus сказал(а):

By default most Wordpress admin username is set to admin , but if not and your targetted wordpress site is does not restrict users from accessing parts of the site.
(no 403 protection)
You can mostly find the author / admin username here .

https://targeturl/wp-json/wp/v2/users
then try the names on wp-login.php with invalid password for accurate response ..
if username exist response will be ( invalid password for the user .)

Holy crap it works! Cool tip! Some WordPress sites disallow it though, but just check their subdomains trolololo.

Web WP Rest Api Disclosure of Admin / Authors Username [Username Enumeration]

WujingKlaus

(L1) cache

runtim3

GANDALF THE GOLDEN

w3rd

floppy-диск