漏洞描述
Drupal JSON:API username listing was detected via the /user/user endpoint.
drupal-jsonapi-user-listing: Drupal JSON:API Username Listing - Detect
PoC代码[已公开]
id: drupal-jsonapi-user-listing
info:
name: Drupal JSON:API Username Listing - Detect
author: lixts
severity: medium
description: Drupal JSON:API username listing was detected via the /user/user endpoint.
reference:
- https://www.drupal.org/project/drupal/issues/3240913
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
shodan-query:
- http.component:"drupal"
- cpe:"cpe:2.3:a:drupal:drupal"
product: drupal
vendor: drupal
tags: drupal,exposure,discovery
http:
- method: GET
path:
- "{{BaseURL}}/jsonapi/user/user"
matchers-condition: and
matchers:
- type: regex
regex:
- '\{"display_name":"([A-Sa-z0-9-_]+)"\}'
- type: status
status:
- 200
extractors:
- type: json
json:
- '.data[].attributes.display_name'
# digest: 4a0a0047304502203df1db1aa67ccb413d429580a82df5d87ac7544b211dbdda5271ffa7338b6f19022100abb1ac7cd35158187871bb6c454b18cb00ae26c6bf7952467e43e4557085779d:922c64590222798bb761d5b6d8e72950