|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
08-11-2009, 08:48 AM
|
#1 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,212
|
Ok Crybabies: 2.8.3 wordpress remote admin password exploit
Before you make posts saying shit please understand this exploit before you go all bananas.
You can reset the admin password without confirmation, but you dont know the password, and unless you have access to the admin email account it does nothing. http://www.milw0rm.com/exploits/9410 Proof of concept Already a fix out, so dont cry about having to upgrade all the time, if you dont like the product, dont use it, simple. fix, edit 1 line of the code http://core.trac.wordpress.org/changeset/11798 
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.  WP Stuff |
|
|
|
08-11-2009, 08:53 AM
|
#2 |
|
Too lazy to wipe my ass
Industry Role:
Join Date: Aug 2002
Location: A Public Bathroom
Posts: 38,485
|
I FUCKIN HATE... Poppy Morgan..
|
|
|
|
08-11-2009, 09:01 AM
|
#3 |
|
Too lazy to set a custom title
Join Date: Dec 2006
Posts: 23,400
|
So since you can't actually get access, how is this an exploit? Other than pissing off the admin of the site with constant e-mails that his admin password changed.
I can see how this could be annoying however.
__________________
i like waffles |
|
|
|
|
08-11-2009, 09:02 AM
|
#4 |
|
Confirmed User
Industry Role:
Join Date: Aug 2008
Location: Hollywood
Posts: 2,785
|
Great news Fris.
|
|
|
|
|
08-11-2009, 10:32 AM
|
#5 |
|
Confirmed User
Join Date: Nov 2002
Posts: 1,249
|
Another reason to delete admin user and use a different username as admin
|
|
|
|
|
08-11-2009, 12:19 PM
|
#6 | |
|
Confirmed User
Industry Role:
Join Date: Jul 2008
Location: In your back seat with duck tape
Posts: 4,568
|
Quote:
__________________
High Performance Vps $10 Linode Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot |
|
|
|
|
|
08-11-2009, 12:21 PM
|
#7 | |
|
Confirmed User
Industry Role:
Join Date: Jul 2008
Location: In your back seat with duck tape
Posts: 4,568
|
Quote:
__________________
High Performance Vps $10 Linode Manage your Digital Ocean, Linode, or Favorite Cloud Server. Simple, fast, and secure Server Pilot |
|
|
|
|
|
08-11-2009, 12:22 PM
|
#8 |
|
Adult Content Provider
Industry Role:
Join Date: May 2005
Location: Europe
Posts: 18,243
|
Also htaccess protect your admin folder.
|
|
|
|
|
08-11-2009, 01:15 PM
|
#9 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Feb 2003
Location: NJ
Posts: 13,331
|
fixed.....thanks
__________________
ISeekGirls.com since 2005 |
|
|
|
|
08-11-2009, 02:29 PM
|
#10 |
|
Too lazy to set a custom title
Industry Role:
Join Date: Aug 2002
Posts: 55,212
|
remember it only resets your admin password without confirmation, theirs no way you can know the admin password unless you have access to the admin email, so its not really a exploit, just really unconveinent, cause people will be resettting password, but like i said its fixed.
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff |
|
|
|
