Opened 14 years ago
Closed 14 years ago
#15286 closed defect (bug) (worksforme)
can reset admin password by adminajax.php
Reported by: | rYokiNG | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | critical | Version: | 3.0.1 |
Component: | Administration | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description (last modified by )
when you type "/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469";
and refresh 3 time admin password just reset,
i have video for this report but can't attach it big file.
require_once('../wp-load.php'); > > if ( ! isset( $_REQUEST['action'] ) ) > die('-1'); > > require_once('./includes/admin.php'); //load admin.php already > @header('Content-Type: text/html; charset=' . get_option('blog_charset')); > send_nosniff_header(); > > do_action('admin_init'); > > if ( ! is_user_logged_in() ) { //check after > > if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) { > $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0; > > if ( ! $id ) > die('-1');
Change History (13)
#3
@
14 years ago
If you can really reproduce this please report to security@… with the full details.
#6
in reply to:
↑ 5
@
14 years ago
plase try login old password admin on blog mrmist
http://www.misthaven.org.uk/blog/
thank for interesting
#7
@
14 years ago
- Keywords needs-patch added
Well, for sure it seems the attack is real.
I don't appreciate POCs being tested on my live server though. :/
#10
@
14 years ago
- Keywords reporter-feedback added; needs-patch removed
Have you tested this against a stock install without plugins?
#11
@
14 years ago
i test with out plugin ok i record video and upload to server http://test.vsi-group.dk/testvdo.rar please download and see i test with out plugin, i used default themes
Doesn't do anything for me. The supplied URL just echos -1 if not logged in, or 0 if logged in (against trunk).