#(+)Exploit Title: WordPress Abuse of Functionality Vulnerability
#(+)Created By: ^Xecuti0n3r
#(+) Date : 23.04.2011
#(+) Hour : 13:37 PM
#(+) E-mail : xecuti0n3r()yahoo.com

Abuse of Functionality (WASC-42):-

Login username enumeration is possible in WordPress using functionality provided by WordPress itself ;)

Go to: https://site.com/wp-login.php

Case 1: Enter Wrong Username + Wrong Password.
You'll get an error stating: "ERROR: Invalid username."
--> This states that the username does not exist.

Case 2: Enter Correct Username + Wrong Password.
You'll get an error stating: "ERROR: The password you entered for the username is incorrect."
--> This indicates that the entered username is valid but the password is wrong.

This process can be automated, because it is not protected by a captcha. :)

#######################
(+)Exploit Coded by: ^Xecuti0n3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
#######################
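
One way to close the gap described above, as an added example that is not part of the original advisory or WordPress's own code: a must-use plugin that returns the same text for both cases and throttles repeated failures per client address. The `login_errors`, `wp_login_failed`, `authenticate` and `wp_login` hooks are WordPress core hooks; the file name, the `ule_` names and the thresholds are assumptions.

```php
<?php
/**
 * Plugin Name: Uniform login errors (added example, not WordPress core code)
 * Assumed location: wp-content/mu-plugins/uniform-login-errors.php
 */

// Assumed thresholds for this example; tune them for the site.
const ULE_MAX_FAILURES = 5;    // failed logins allowed per client address
const ULE_WINDOW_SECS  = 900;  // counter lifetime, renewed on every failure

// Transient name for the requesting client. REMOTE_ADDR is used as-is; behind
// a reverse proxy, substitute the proxy-verified client address.
function ule_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ule_fail_' . md5( $ip );
}

// 1. One message for every login error, so "Invalid username." and
//    "The password you entered ... is incorrect." become indistinguishable.
add_filter( 'login_errors', function ( $message ) {
    return '<strong>ERROR</strong>: Invalid username or password.';
} );

// 2. Count failed logins per client address.
add_action( 'wp_login_failed', function ( $username ) {
    $key = ule_key();
    set_transient( $key, (int) get_transient( $key ) + 1, ULE_WINDOW_SECS );
} );

// 3. Refuse further attempts once the limit is reached. Priority 100 runs
//    after core's username/password check (priority 20), so this result is
//    the one wp_authenticate() uses; its text is also replaced by filter 1.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( ule_key() ) >= ULE_MAX_FAILURES ) {
        return new WP_Error( 'ule_throttled', 'Too many failed attempts.' );
    }
    return $user;
}, 100, 3 );

// 4. A successful login clears the counter for that client address.
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( ule_key() );
} );
```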