 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 53
 Members: 0
 Total: 53
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Problem when creating Wordpress cookie |
|
 Posted: Thu Jun 21, 2007 1:34 pm |
 |
|
| scorpion |
| Regular user |
 |
|
| Joined: Jun 20, 2007 |
| Posts: 10 |
|
|
|
 |
|
 |
|
I used the WordPress 2.1.3 sql injection blind fishing exploit ver. 2 on a WP 2.1.2 blog. Everything worked out just fine but I have one issue.
It seems that I have some issues with creating the cookies...
I run a MD5 on the blog adress (http://sub.domain.top) and add this after wordpressuser_ and wordpresspass_.
I also run another MD5 on the result that this script outputs (dbff23c64c0369382f5fd24f69d03695). The result of this is 089ae043c73989ec8f708595ddcb4510, which I enter into the wordpresspass-cookie as the value. Still I just get this message when I surf to: http://sub.domain.top/wp-admin/
Your session has expired.
ERROR: Incorrect password.
Is WP 2.1.2 immune against this attack or am I making some mistakes? Anyone care to give me a hint? |
|
|
|
|
|
|
|
|
| Posted: Thu Jun 21, 2007 4:05 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
You allready know plaintext password:
| Quote: |
scorpion wrote:
MD5: dbff23c64c0369382f5fd24f69d03695
Should be: c71c34
|
So why you want to manipulate with cookies? Have you tried this password directly? |
|
|
|
|
| Posted: Thu Jun 21, 2007 4:30 pm |
|
|
| scorpion |
| Regular user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 10 |
|
|
|
|
|
|
|
| waraxe wrote: | You allready know plaintext password:
| Quote: |
scorpion wrote:
MD5: dbff23c64c0369382f5fd24f69d03695
Should be: c71c34
|
So why you want to manipulate with cookies? Have you tried this password directly? |
Yes, I just get a message telling me that the password is incorrect. 
That's why I wonder if I has done any mistake, or if WP 2.1.2 is secure against this exploit... |
|
|
|
|
| Posted: Fri Jun 22, 2007 8:08 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
| scorpion wrote: | | I just get a message telling me that the password is incorrect. : |
I stand to be corrected,
But that should be enough to confirm that that admin has changed their password... ?
Therefore that hash doesn't / no longer belongs to the admin... |
|
|
|
|
| Posted: Sat Jun 30, 2007 6:21 pm |
|
|
| scorpion |
| Regular user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 10 |
|
|
|
|
|
|
|
| blaxenet wrote: | | scorpion wrote: | | I just get a message telling me that the password is incorrect. : |
I stand to be corrected,
But that should be enough to confirm that that admin has changed their password... ?
Therefore that hash doesn't / no longer belongs to the admin... |
The hash is still the same... And I still get the same message... |
|
|
|
|
| Posted: Sun Jul 01, 2007 10:21 am |
|
|
| pexli |
| Valuable expert |
 |
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
Some time exploit don't pull out corect hash.Change this
| Code: | | $testcnt = 900000;// Use bigger numbers, if server is slow, default is 300000 |
..and try again. |
|
|
|
|
| Posted: Sat Jul 07, 2007 5:01 pm |
|
|
| scorpion |
| Regular user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 10 |
|
|
|
|
|
|
|
| koko wrote: | Some time exploit don't pull out corect hash.Change this
| Code: | | $testcnt = 900000;// Use bigger numbers, if server is slow, default is 300000 |
..and try again. |
I have already tried that |
|
|
|
|
| Posted: Sat Jul 07, 2007 5:14 pm |
|
|
| pexli |
| Valuable expert |
|
|
| Joined: May 24, 2007 |
| Posts: 665 |
| Location: Bulgaria |
|
|
|
|
|
|
| Send me link to blog in PM pls.Thank you. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
