Open in app

Sign in

Write

Sign in

I'm curious...how did you get that list of users at the beginning after you grabbed the wps.content
1

ossumpossum

Clark Voss
1 min readAug 27, 2021

--

Good question, I found the list of users by going to the ibm.portal.Template in that case. I have found similar information in the ibm.portal.HiddenPages corisponding to articles written or information leaked from documents. I don't have a specific oid for gathering all users since this may be blocked I have found. But I have recently found another way of querying users that I didn't include in the article, I found this method after writing this. I have been using the PUMA (Portal User Management Architecture) REST API which works even better. Like if you want to grab all the users for instance:

http://example.com/wps/um/secure/users/profiles

Or query users by attributes:

ttp://example.com/wps/um/secure/users/profiles?searchAttributes=uid%3duser

%2A&resultsPerPage=2&sortByAttributes=sn&descending=true

I used this method to find the username of an admin and then guess the admins creds to gain Administrative rights to a site more recently. Here are samples I have been using from this PDF.

https://arquitecturaibm.com/wp-content/uploads/2017/01/Puma-REST-Samples-V1.0.pdf

Hopefully that helps.

--

--

Clark Voss
Clark Voss

Written by Clark Voss

187 Followers
10 Following

I submit bugs and now you can too!

Responses (1)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams