[affiliates.udemy.com] WordPress user admin information disclosure

Disclosed: 2019-04-28 06:33:07 By toannc123 To udemy
Low
Vulnerability Details
### Summary

This website uses the WordPress CMS, so the developer forgot to disable the link that can show information about admin users. By accessing this link, an attacker can get all usernames and other information of the admin users:

> http://affiliates.udemy.com/wp-json/wp/v2/users

{F312155}

Admin user list:

* hamza
* imanrana
* nupoora

## Impact

With this vulnerability, an attacker can get the usernames of the admin users and only has to brute-force the password to log in to the system.
Report Stats
  • Report ID: 370777
  • State: Closed
  • Substate: resolved
  • Upvotes: 57
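
One way a site owner can close the endpoint named in the report is to hide the core users routes from callers who are not logged in. This is an added example, not part of the original report and not Udemy's actual fix (the report does not say how it was resolved); the plugin name and the choice of a must-use plugin file are assumptions.

```php
<?php
/**
 * Plugin Name: Hide REST user listing from anonymous callers (added example)
 *
 * Assumption: saved as a single file under wp-content/mu-plugins/ so it
 * loads on every request and cannot be deactivated from the dashboard.
 */

// WordPress passes every registered REST route through the 'rest_endpoints'
// filter before matching a request. Removing the users routes here makes
// /wp-json/wp/v2/users (and /users/<id>) answer 404 "rest_no_route" instead
// of returning the author list.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    // Logged-in users keep the routes: the block editor uses them to
    // populate the author selector.
    if ( is_user_logged_in() ) {
        return $endpoints;
    }

    foreach ( array_keys( $endpoints ) as $route ) {
        // Matches '/wp/v2/users', '/wp/v2/users/(?P<id>[\d]+)',
        // '/wp/v2/users/me' and any nested users routes.
        if ( 0 === strpos( $route, '/wp/v2/users' ) ) {
            unset( $endpoints[ $route ] );
        }
    }

    return $endpoints;
} );
```

Hiding the route only removes one source of usernames; rate limiting and lockout on the login form still matter for the brute-force risk the report describes.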