
Upgrade all WP Blogs or get Hacked Easy

Discussion in 'Blogging' started by antx16, Jan 9, 2010.

  1. antx16

    antx16 Power Member

    The hack is called "admin takeover exploit"

    Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers take over accounts by resetting the administrator password.

    The bug in version 2.8.3 is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required, according to this alert published on the Full-Disclosure mailing list.

    The flaw lurks in some of the PHP code that fails to properly scrutinize user input when the password reset feature is invoked. Exploiting it is as easy as directing a web browser to a link that looks something like:

    I actually saw the alert as it was published on Full-Disclosure; obviously, anything to do with WordPress catches my attention.

    The exploit can be executed by running the following code on a WordPress 2.8.3 blog:

    Code:
    http://www.domain.com/wp-login.php?action=rp&key[]=
    Simple but effective.
     
    • Thanks Thanks x 4
    Last edited: Jan 9, 2010
  2. angeal

    angeal Junior Member

    I think I'll upgrade my WordPress soon...
     
  3. Gibbzee

    Gibbzee Regular Member

    Wtf? I tried it and it works. I can't believe how easy that is to exploit.
     
    • Thanks Thanks x 1
  4. antx16

    antx16 Power Member

    Glad you guys are heeding the warning; it will save you a lot of misery and tears.
     
  5. antsaoo

    antsaoo Supreme Member

    Wasn't this problem there before in some earlier versions too? Though it might be that I remember wrong. Stupid to make the same mistake twice.
     
  6. antx16

    antx16 Power Member

    Yep, this seems to be an ongoing problem with WordPress, but hey guys, it's free, so let's not give them such a hard time; Microsoft is worse and it costs a fortune.
     
  7. Crooker

    Crooker Newbie

    Then why don't you just upload a .htpasswd file?
     
  8. letusgo

    letusgo Junior Member

    HTML:
    The exploit can be executed by running the following code on a WordPress 2.8.3 blog:
    Very old bug. If my memory serves, one BHW folk once posted here.
     
  9. antx16

    antx16 Power Member

    This is just for the guys who forget; mine are rock solid lmao
     
    • Thanks Thanks x 1