
New WordPress security

Discussion in 'BlackHat Lounge' started by gundamwing, Aug 11, 2009.

  1. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    Secure your blog now


    Code:
    http://www.milw0rm.com/exploits/9410
    III. DESCRIPTION
    -------------------------
    The way WordPress handles a password reset looks like this:
    You submit your email address or username via this form: /wp-login.php?action=lostpassword;
    WordPress sends you a reset confirmation like this via email:

    "
    Someone has asked to reset the password for the following site and username.
    http://DOMAIN_NAME.TLD/wordpress
    Username: admin
    To reset your password visit the following address, otherwise just
    ignore this email and nothing will happen

    http://DOMAIN_NAME.TLD/wordpress/wp-login.php?action=rp&key=o7naCKN3OoeU2KJMMsag
    "

    You click on the link, and then WordPress resets your admin password and
    sends you another email with your new credentials.
     
  2. royalmice

    royalmice BANNED BANNED

    Joined:
    Aug 23, 2007
    Messages:
    1,186
    Likes Received:
    982
    Sorry, but I just don't get it. What is it supposed to do? The password reset thing ain't new.
     
  3. cheap2art

    cheap2art BANNED BANNED

    Joined:
    Oct 21, 2008
    Messages:
    159
    Likes Received:
    13
    WP just updated, but it's buggy already?? Great!
    BTW, how does a hacker know the right "key" to reset the admin password???
     
  4. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
  5. tsanko

    tsanko Senior Member

    Joined:
    Aug 9, 2008
    Messages:
    833
    Likes Received:
    1,038
    Home Page:

    How? :)
     
  6. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    It sends the email to the person who owns the name. You can't access it...
     
  7. Keedev

    Keedev Regular Member

    Joined:
    Apr 2, 2008
    Messages:
    290
    Likes Received:
    100
    It just resets, no need to access anything.


    To clarify: WordPress 2.8.3. Still on 7 :flame:
     
  8. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    788
    Likes Received:
    3,120
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    I tried it and it said, 'click the link below to reset'.

    I didn't, so everything stayed the same.
     
  9. khan0

    khan0 Registered Member

    Joined:
    Jul 16, 2008
    Messages:
    75
    Likes Received:
    17
    Location:
    Toronto
    You need to pass the key as an array.

    A web browser is sufficient to reproduce this proof of concept:
    Code:
    http://DOMAIN_NAME.TLD/wp-login.php?action=rp&key[]=
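To make the mechanism behind the `key[]=` proof of concept in the post above concrete (and the reset flow quoted from the advisory in the first post), here is an added stand-alone PHP script that is not code from the advisory, the thread, or WordPress itself. It models the 2.8.3 `reset_password()` key check beside a hardened variant that rejects non-string keys up front (the approach the next WordPress release took). The in-memory users table, the `prepare_283()`/`get_row()` helpers, the function names, and the way addslashes() on an array is emulated are all assumptions made so the script runs from the command line without WordPress or a database. The point it shows: a query-string array slips past preg_replace() and empty(), collapses to an empty string in the SQL, and therefore matches whichever account has an empty activation key, which is normally the admin.

```php
<?php
// Added example, not from the advisory, the forum thread or WordPress itself:
// a stand-alone model of the 2.8.3 reset_password() key check and a hardened
// variant. The users table, helper names and the emulated escaping are
// assumptions made so this runs without WordPress or a database.

declare(strict_types=1);

// Constructed users table. As in a real wp_users table, an account that has
// never requested a reset has an empty user_activation_key.
$users = [
    ['ID' => 1, 'user_login' => 'admin', 'user_email' => 'admin@example.test',
     'user_activation_key' => ''],
    ['ID' => 2, 'user_login' => 'bob',   'user_email' => 'bob@example.test',
     'user_activation_key' => 'o7naCKN3OoeU2KJMMsag'],
];

// Emulates wpdb::prepare() of that era: %s is quoted, the argument is run
// through addslashes() and interpolated with vsprintf(). On PHP 5, addslashes()
// on an array returned NULL, which vsprintf() rendered as ''. Modern PHP throws
// a TypeError instead, so that outcome is reproduced explicitly here.
function prepare_283(string $sql, $arg): string {
    $sql     = str_replace('%s', "'%s'", $sql);
    $escaped = is_array($arg) ? '' : addslashes((string) $arg);
    return vsprintf($sql, [$escaped]);
}

// Stands in for $wpdb->get_row(): finds the user whose activation key equals
// the quoted literal at the end of the prepared query.
function get_row(array $users, string $sql): ?array {
    if (!preg_match("/user_activation_key = '(.*)'$/", $sql, $m)) {
        return null;
    }
    foreach ($users as $u) {
        if ($u['user_activation_key'] === $m[1]) {
            return $u;
        }
    }
    return null;
}

// Model of the 2.8.3 logic. With key[]= the value is array(''), preg_replace()
// maps over it and returns array(''), empty() on a one-element array is false,
// and the array then collapses to '' inside the query.
function reset_password_283(array $users, $key): string {
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if (empty($key)) {
        return 'Invalid key';
    }
    $sql  = prepare_283('SELECT * FROM wp_users WHERE user_activation_key = %s', $key);
    $user = get_row($users, $sql);
    if (empty($user)) {
        return 'Invalid key';
    }
    // WordPress would now generate a new password, store it and mail it to
    // $user['user_email']. The attacker never sees it; the owner is locked out
    // until they read that mail.
    return "password reset for {$user['user_login']}, mailed to {$user['user_email']}";
}

// Hardened variant: refuse anything that is not a non-empty string before the
// key reaches preg_replace() or the query.
function reset_password_hardened(array $users, $key): string {
    if (empty($key) || is_array($key)) {
        return 'Invalid key';
    }
    return reset_password_283($users, $key);
}

// Replay the proof-of-concept URL and a legitimate reset link, parsing the
// query string the same way PHP builds $_GET.
foreach (['action=rp&key[]=', 'action=rp&key=o7naCKN3OoeU2KJMMsag'] as $qs) {
    parse_str($qs, $get);
    printf("%-38s 2.8.3:    %s\n", $qs, reset_password_283($users, $get['key']));
    printf("%-38s hardened: %s\n", $qs, reset_password_hardened($users, $get['key']));
}
```

Run it with `php reset_poc.php` (any file name works). The `key[]=` request resets `admin` under the 2.8.3 logic and is rejected by the hardened check, while the real key resets `bob` under both. This is why the replies above are both right: the attacker gets no credentials, because the new password is mailed to the account owner, but the owner's password is still changed out from under them.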