WordPress Security Vulnerability

Posted by ALonon in Security

This vulnerability allows your admin password to be reset if your WordPress version is <= 2.8.3. For more information about the exploit, see: http://www.milw0rm.com/exploits/9410

Solution:

Open wp-login.php.

Find this line:

if ( empty( $key ) )

and replace it with this:

if ( empty( $key ) || is_array( $key ) )


Or apply the patch: http://wordpress.org/development/2009/08/2-8-4-security-release/
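
Why the extra is_array() test in the one-line fix matters, as an added example (not code from WordPress or from this post; the function names and sample inputs are constructed for illustration): PHP's empty() treats an array holding one element as non-empty, even when that element is an empty string, so the original check lets such a value through. The third function is a stricter variant that is an assumption of this example, not part of the fix above.

```php
<?php
// Added example: not WordPress code. All function names are hypothetical.

// The check as it reads before the fix: rejects only "empty" values.
function rejects_before_fix($key) {
    return empty($key);
}

// The check as it reads after the fix given in the post.
function rejects_after_fix($key) {
    return empty($key) || is_array($key);
}

// Stricter variant (assumption, not from the post):
// accept nothing except a non-empty string.
function rejects_strict($key) {
    return !is_string($key) || $key === '';
}

// Constructed inputs covering the shapes a request parameter can take in PHP.
$samples = array(
    'normal string'         => 'a1b2c3',
    'empty string'          => '',
    'missing (null)'        => null,
    'empty array'           => array(),
    'array with empty item' => array(''),
);

// Print one row per input so the three checks can be compared side by side.
foreach ($samples as $label => $key) {
    printf(
        "%-22s before=%-9s after=%-9s strict=%s\n",
        $label,
        rejects_before_fix($key) ? 'rejected' : 'accepted',
        rejects_after_fix($key) ? 'rejected' : 'accepted',
        rejects_strict($key) ? 'rejected' : 'accepted'
    );
}
```

Only the last row differs between the first two columns: the array with an empty item is accepted by the original check and rejected once is_array() is added.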


One Response

  • Joseph says:

    Hey guys,

    I have written a PHP script to search for & remove vulnerable code & any ‘extra’ admin found on your WordPress site.

    This script will also upgrade your wordpress to the latest version.

    No PHP system, exec or any regular execution command is used as I know some webhosts disable them… it will work as long as you have PHP 4/5 & the curl function.

    What the script does
    ===============
    1. Search for vulnerable code
    2. Backup wp’s database
    3. Upgrade your wp to the latest

    Instructions:
    =========

    1. Download the script from http://www.mxhub.com/fix_update_wp.zip
    2. Upload to your WordPress directory where wp-config resides
    3. Go to http://yoursite.com/fix_update_wp.php to start the engine.
    4. Done.

    5. Give your feedback or report any problem.
    http://forums.mxhub.com/showthread.php?t=798

    My humble coding. Works for what I wanted. Hope it helps.

    -joseph


