GoFuckYourself.com - Adult Webmaster Forum


fris 08-11-2009 08:48 AM

Ok Crybabies: 2.8.3 wordpress remote admin password exploit
 
Before you make posts saying shit please understand this exploit before you go all bananas.

You can reset the admin password without confirmation, but you don't know the password, and unless you have access to the admin email account it does nothing.

http://www.milw0rm.com/exploits/9410

Proof of concept

Already a fix out, so don't cry about having to upgrade all the time, if you don't like the product, don't use it, simple.

fix, edit 1 line of the code

http://core.trac.wordpress.org/changeset/11798

:321GFY

CurrentlySober 08-11-2009 08:53 AM

I FUCKIN HATE... Poppy Morgan..

Iron Fist 08-11-2009 09:01 AM

So since you can't actually get access, how is this an exploit? Other than pissing off the admin of the site with constant e-mails that his admin password changed.

I can see how this could be annoying however.

Robocrop 08-11-2009 09:02 AM

Great news Fris.

Hentaikid 08-11-2009 10:32 AM

Another reason to delete admin user and use a different username as admin

tonyparra 08-11-2009 12:19 PM

Quote:

Originally Posted by fris (Post 16170699)
Before you make posts saying shit please understand this exploit before you go all bananas.

You can reset the admin password without confirmation, but you don't know the password, and unless you have access to the admin email account it does nothing.

http://www.milw0rm.com/exploits/9410

Proof of concept



Already a fix out, so don't cry about having to upgrade all the time, if you don't like the product, don't use it, simple.

fix, edit 1 line of the code

http://core.trac.wordpress.org/changeset/11798

:321GFY

I don't use admin on any wordpress site

tonyparra 08-11-2009 12:21 PM

Quote:

Originally Posted by fris (Post 16170699)
Before you make posts saying shit please understand this exploit before you go all bananas.

You can reset the admin password without confirmation, but you don't know the password, and unless you have access to the admin email account it does nothing.

http://www.milw0rm.com/exploits/9410

Proof of concept



Already a fix out, so don't cry about having to upgrade all the time, if you don't like the product, don't use it, simple.

fix, edit 1 line of the code

http://core.trac.wordpress.org/changeset/11798

:321GFY

also mr. fris why so serious, let's drink man :drinkup

The Duck 08-11-2009 12:22 PM

Also htaccess protect your admin folder.

TheSenator 08-11-2009 01:15 PM

fixed.....thanks

fris 08-11-2009 02:29 PM

remember it only resets your admin password without confirmation, there's no way you can know the admin password unless you have access to the admin email, so it's not really an exploit, just really inconvenient, 'cause people will be resetting passwords, but like I said it's fixed.


All times are GMT -7.