|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 63
Members: 0
Total: 63
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
WP Admin Access |
|
Posted: Mon Oct 13, 2008 9:17 pm |
|
|
HanCholo |
Regular user |
|
|
Joined: Oct 09, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
Does anyone have or know how to obtain administrative access on Wordpress? (I mean on the WP server, not someone's blog hosted remotely.) Is there a cookie one can forge to get admin access? |
|
|
|
|
Posted: Mon Oct 13, 2008 10:17 pm |
|
|
lenny |
Valuable expert |
|
|
Joined: May 15, 2008 |
Posts: 275 |
|
|
|
|
|
|
|
If you can find the wordpress version, then we can start to look at possible exploits you can use to attack the blog |
|
|
|
|
Posted: Thu Oct 16, 2008 3:11 am |
|
|
HanCholo |
Regular user |
|
|
Joined: Oct 09, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
Thanks Lenny, but how would I determine which version of Wordpress by looking at the blog? |
|
|
|
|
Posted: Thu Oct 16, 2008 7:14 pm |
|
|
WaKo |
Regular user |
|
|
Joined: Jul 27, 2008 |
Posts: 20 |
Location: Austria |
|
|
|
|
|
|
Look at the sourcecode, mostly you'll find something like this:
Code: | name="generator" content="WordPress *.*.*" |
* <--- version
greetz WaKo |
|
|
|
|
Posted: Tue Oct 21, 2008 1:48 am |
|
|
HanCholo |
Regular user |
|
|
Joined: Oct 09, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
I see, but upon viewing the page source, the tag you cited reads:
Code: | name=“generator” content=“WordPress.com” /> <!-- leave this for stats -->
|
I could not find any version number labeled as such in the source code, but on several blogs, I found RSS 2.0 instead.
In either case, BlogSecurity.net lists vulnerabilities with the many versions of Wordpress on this page. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB 2001-2008 phpBB Group
|
|
|
|
|
|
|