Drupal User Enumeration Scanner
Drupal User Enumeration Scanner
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
4 days
Scan only one
Domain, IPv4
Toolbox
-
Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.
Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.
For more information, see: