WordPress.org

Ready to get started?Download WordPress

Forums

Stop User Enumeration
[resolved] Bypass protection with URL-encoded null bytes (4 posts)

  1. cvcrckt
    Member
    Posted 1 year ago #

    The protection offered by stop-user-enumeration 1.2.4 may be bypassed by adding a URL-encoded null byte ('%00') between 'author' and '=' in the URL query string. The URL-encoded null byte may be extended with any combination of additional zeros and/or percent characters.

    Proposed change to the regexes here:

    https://github.com/cvcrckt/stop-user-enumeration/commit/dbc59a41c04e8fe29f1a37474986d401c02410c1

    https://wordpress.org/plugins/stop-user-enumeration/

  2. Locally DIgital Ltd
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks for both the vulnerability and the suggested edit. I hope to be able to make a release shortly

  3. Locally DIgital Ltd
    Member
    Plugin Author

    Posted 7 months ago #

    I am including this in the next release.

    It is only required in the second match.

    The first match is there to allow genuine get calls to author in the admin backend to get through (as when you click on 'author' links in posts is uses author in the query string )

  4. Locally DIgital Ltd
    Member
    Plugin Author

    Posted 7 months ago #

    Released

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.