Opened 11 years ago
Closed 11 years ago
#27492 closed defect (bug) (invalid)
I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 3.9 |
| Component: | Login and Registration | Keywords: | |
| Focuses: | Cc: |
Description
I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website.
Steps:
- Goto the website wordpress login page i.e " http://www.gktw.org/blog/wp-login.php "
- Click on " Lost your password? " option
- Click on " Register " option
OR
Directly Goto Register page i.e
- I entered username as " ovikassingho " & my email id " ovikassingho@… " and clicked Register
- After that I received an email from wordpress regarding my Userid and Password
So I request you to unlink the website " http://www.gktw.org/ " from my User ID i.e " ovikassingho " and my email " ovikassingho@… " , As I am not the owner of the website " http://www.gktw.org/ "
Attachments (2)
Change History (3)
#1
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Registering on a site with open registration is not a hack.
We don't have access to standalone WordPress sites. The only person who can delete your profile is the site owner.
Please do not report "security issues" publicly. We encourage responsible, private disclosure of security issues in part so invalid reports do not spread.
Note: See
TracTickets for help on using
tickets.
email that I received