Stop Nmap NSE enumeration WordPress



What is the Nmap Scripting Engine (NSE)?

“The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.”

Source: nmap.org

Overview

WordPress sites accept a query parameter called ‘author’. This parameter takes an integer value and represents the ‘User ID’ of a user on the site. For example: http://www.example.com/?author=1

The problems found are:

  1. User ID values are assigned consecutively.
  2. When a valid User ID is requested, WordPress redirects to a page whose URL contains the name of that author.

These problems lead to the following attack vectors:

  1. The response to the query discloses whether the User ID is enabled.
  2. The response leaks (through the redirect) the User Name corresponding to that User ID. (See the update for version 3.1.3)

User IDs can be disabled, leaving gaps in the consecutive numbering. When an invalid User ID is requested, no redirect happens and no information is disclosed.


If your site runs on the Apache web server, add this snippet to your .htaccess file:

# Send any request carrying author=<digits> in the query string (outside wp-admin) to the site root
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} author=\d
# The trailing "?" drops the original query string, so the redirect does not loop
RewriteRule ^ /? [L,R=301]
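To confirm the rule actually closes the leak, here is an added check script (my own example, not part of the original post) you can run against your own site after editing .htaccess. It assumes the site's base URL is passed on the command line; the leaking behaviour is a 3xx whose Location contains /author/, the mitigated behaviour is a redirect to the site root, and an unused ID gives no redirect at all.

```python
"""Verify that ?author=N probes no longer disclose a username (added check, not from the post)."""
import sys
import urllib.error
import urllib.request
from typing import Optional
from urllib.parse import urlparse

REDIRECT_CODES = (301, 302, 303, 307, 308)


def classify_author_probe(status: int, location: Optional[str]) -> str:
    """Map one HTTP response to a verdict: 'leak', 'mitigated' or 'no-redirect'."""
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"          # unused/disabled ID, or the rewrite never fired
    if "/author/" in urlparse(location).path:
        return "leak"                 # the redirect target carries the user name
    return "mitigated"                # redirected somewhere neutral, e.g. the site root


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Refuse to follow redirects so the 3xx and its Location header reach us intact.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe_author_id(base_url: str, user_id: int, timeout: float = 10.0) -> str:
    """Request base_url/?author=<user_id> on your own site and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = f"{base_url.rstrip('/')}/?author={user_id}"
    req = urllib.request.Request(url, headers={"User-Agent": "author-redirect-check/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return classify_author_probe(resp.status, resp.headers.get("Location"))
    except urllib.error.HTTPError as err:
        # With redirects not followed, urllib raises for 3xx/4xx; the headers are still there.
        return classify_author_probe(err.code, err.headers.get("Location"))


if __name__ == "__main__":
    site = sys.argv[1] if len(sys.argv) > 1 else "https://www.example.com"  # your own site
    for uid in (1, 2):  # the two IDs WordPress assigns first; enough to validate the rule
        print(f"author={uid}: {probe_author_id(site, uid)}")
```

Any "leak" verdict means the rewrite is not being applied (check that .htaccess overrides are allowed for that directory).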

If you are on the nginx web server, you should read this post instead (click here for more info).

Thank you for reading my tutorial, and feel free to share and comment 🙂. Do you have a code snippet you want to see published on my site? I will be more than happy to do it; please send me a message (here).
