WordPress.org

Forums

Stop User Enumeration
[resolved] Bypass protection with URL-encoded null bytes (4 posts)

  1. cvcrckt
    Member
    Posted 2 years ago #

    The protection offered by stop-user-enumeration 1.2.4 may be bypassed by adding a URL-encoded null byte ('%00') between 'author' and '=' in the URL query string. The URL-encoded null byte may be extended with any combination of additional zeros and/or percent characters.

    Proposed change to the regexes here:

    https://github.com/cvcrckt/stop-user-enumeration/commit/dbc59a41c04e8fe29f1a37474986d401c02410c1

    https://wordpress.org/plugins/stop-user-enumeration/

  2. Badlywired
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for both the vulnerability and the suggested edit. I hope to be able to make a release shortly

  3. Badlywired
    Member
    Plugin Author

    Posted 1 year ago #

    I am including this in the next release.

    It is only required in the second match.

    The first match is there to allow genuine get calls to author in the admin backend to get through (as when you click on 'author' links in posts is uses author in the query string )

  4. Badlywired
    Member
    Plugin Author

    Posted 1 year ago #

    Released

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Stop User Enumeration
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.