Opened 5 years ago

Last modified 4 years ago

#15286 closed defect (bug)

can reset admin password by adminajax.php — at Version 2

Reported by: rYokiNG
Owned by:
Milestone:
Priority: normal
Severity: critical
Version: 3.0.1
Component: Administration
Keywords: reporter-feedback
Focuses:
Cc:

Description (last modified by westi)

When you type "/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469"

and refresh 3 times, the admin password just resets.

I have a video for this report but can't attach it; it is a big file.

> require_once('../wp-load.php');
> 
> if ( ! isset( $_REQUEST['action'] ) )
>     die('-1');
> 
> require_once('./includes/admin.php'); //load admin.php already
> @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
> send_nosniff_header();
> 
> do_action('admin_init');
> 
> if ( ! is_user_logged_in() ) { //check after
> 
>     if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
>         $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
> 
>         if ( ! $id )
>             die('-1');
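
The excerpt above shows `do_action('admin_init')` running before the `is_user_logged_in()` check, so callbacks hooked to `admin_init` also execute for unauthenticated requests to admin-ajax.php. The following is an added example, not code from this ticket or from WordPress core, of an `admin_init` callback that authorizes the request itself before changing state; the `myplugin_*` function, option, field and nonce names are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not part of WordPress core or this ticket.
// admin_init fires on every admin-ajax.php request, before the login check,
// so the callback has to authenticate and authorize the request itself.

add_action( 'admin_init', 'myplugin_maybe_save_settings' );

function myplugin_maybe_save_settings() {
    // Only act on an explicit form submission, never on a plain GET or a refresh.
    $method = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '';
    if ( 'POST' !== $method || ! isset( $_POST['myplugin_save'] ) ) {
        return;
    }

    // Unauthenticated visitors can reach this hook through admin-ajax.php.
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }

    // Reject cross-site requests: the nonce must come from the plugin's own form.
    check_admin_referer( 'myplugin_save_settings', 'myplugin_nonce' );

    $value = isset( $_POST['myplugin_option'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_option'] ) )
        : '';

    update_option( 'myplugin_option', $value );
}
```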

Change History (2)

comment:1 @mrmist 5 years ago

  • Keywords bug reset password removed

Doesn't do anything for me. The supplied URL just echoes -1 if not logged in, or 0 if logged in (against trunk).

comment:2 @westi 5 years ago

  • Description modified (diff)