WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#15286 closed defect (bug)

can reset admin password by adminajax.php — at Initial Version

Reported by: rYokiNG
Owned by:
Milestone:
Priority: normal
Severity: critical
Version: 3.0.1
Component: Administration
Keywords: reporter-feedback
Focuses:
Cc:

Description

When you type "/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469" and refresh 3 times, the admin password just resets.

I have a video for this report but can't attach it, it's a big file.

require_once('../wp-load.php');

if ( ! isset( $_REQUEST['action'] ) )
    die('-1');

require_once('./includes/admin.php'); // load admin.php already
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();

do_action('admin_init');

if ( ! is_user_logged_in() ) { // check after

    if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
        $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;

        if ( ! $id )
            die('-1');

Change History (0)
