Fix /author/.../feed/ capture in http-wordpress-users.nse.

Patch by Duarte. https://seclists.org/nmap-dev/2019/q3/17 The regular expression for the case when the server returns a 200 HTTP status is too open, it needs to be more specific. When there is a link similar to the feed link that occurs before the feed link, the expression will include everything between that initial link and the feed link. To fix this, the group that matches/captures the author username will only do so until it finds a forward slash.
2025-12-08 21:51:28 +00:00 · 2019-08-22 23:08:31 +00:00
parent 862054bf5d
commit 8712cbf9a2
2 changed files with 4 additions and 1 deletions
--- a/scripts/http-wordpress-users.nse
+++ b/scripts/http-wordpress-users.nse
@@ -64,7 +64,7 @@ local function get_wp_user(host, port, path, id)
    elseif req.status == 200 then
      -- Users with no posts get a 200 response, but the name is in an RSS link.
      -- http://seclists.org/nmap-dev/2011/q3/812
-      local _, _, user = string.find(req.body, 'https?://.-/author/(.-)/feed/')
+      local _, _, user = string.find(req.body, 'https?://.-/author/([^/]+)/feed/')
      return user
    end
  end