S4E

Drupal User Enumeration Scanner

Drupal User Enumeration Scanner

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

15 seconds

Time Interval

4 days

Scan only one

Domain, IPv4

Toolbox

-

Enumerates Drupal users by exploiting an information disclosure vulnerability in Views, Drupal's most popular module.

Requests to admin/views/ajax/autocomplete/user/STRING return all usernames that begin with STRING. The script works by iterating STRING over letters to extract all usernames.

For more information, see:

Get started to protecting your Free Full Security Scan