Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#27492 closed defect (bug) (invalid)

I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website

Reported by: ovikassingho
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.9
Component: Login and Registration
Keywords:
Focuses:
Cc:

Description

I am able to hack the website ( http://www.gktw.org/ ) which is NOT my website.

Steps:

  1. Go to the website's WordPress login page, i.e. "http://www.gktw.org/blog/wp-login.php"
  2. Click on the "Lost your password?" option
  3. Click on the "Register" option

OR

Go directly to the Register page, i.e.

"http://www.gktw.org/blog/wp-login.php?action=register"

  1. I entered the username "ovikassingho" and my email ID "ovikassingho@…" and clicked Register
  2. After that I received an email from WordPress regarding my User ID and password

So I request you to unlink the website "http://www.gktw.org/" from my User ID, i.e. "ovikassingho", and my email "ovikassingho@…", as I am not the owner of the website "http://www.gktw.org/".

Attachments (2)

wp2.png (193.5 KB) - added by ovikassingho 10 years ago.
email that I received
WP1.png (69.0 KB) - added by ovikassingho 10 years ago.


Change History (3)

#1 @SergeyBiryukov
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Registering on a site with open registration is not a hack.

We don't have access to standalone WordPress sites. The only person who can delete your profile is the site owner.

Please do not report "security issues" publicly. We encourage responsible, private disclosure of security issues in part so invalid reports do not spread.
