This security vulnerability allows your admin password to be reset if your WordPress version is <= 2.8.3. For more information about the exploit, visit: http://www.milw0rm.com/exploits/9410
Solution:
Open wp-login.php.
Find this line:
if ( empty( $key ) )
and replace it with this:
if ( empty( $key ) || is_array( $key ) )
or
patch: http://wordpress.org/development/2009/08/2-8-4-security-release/
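The effect of the one-line change, as an added example (not WordPress source and not code from the original post): PHP's empty() returns false for an array that holds at least one element, so an array-typed key gets past the original check, and the added is_array() test is what rejects it. The function names and sample values are constructed for illustration; the third function is a stricter general form that goes beyond the fix quoted above.

```php
<?php
// Added illustration; not taken from wp-login.php. All names are hypothetical.

// The check as quoted above for WordPress <= 2.8.3.
function key_rejected_before($key) {
    return empty($key);
}

// The check after the one-line fix.
function key_rejected_after($key) {
    return empty($key) || is_array($key);
}

// Stricter general form (assumption, not the WordPress patch):
// accept only a non-empty string, reject every other type.
function key_rejected_strict($key) {
    return !is_string($key) || $key === '';
}

// Constructed sample values for the reset key parameter.
$samples = array(
    'missing (null)'           => null,
    'empty string'             => '',
    'ordinary string'          => 'constructedSampleKey',
    'empty array'              => array(),
    'array with empty element' => array(''),
);

// Print how each version of the check treats each value.
foreach ($samples as $label => $key) {
    printf(
        "%-26s before=%-6s after=%-6s strict=%s\n",
        $label,
        key_rejected_before($key) ? 'reject' : 'ACCEPT',
        key_rejected_after($key)  ? 'reject' : 'ACCEPT',
        key_rejected_strict($key) ? 'reject' : 'ACCEPT'
    );
}
```

Only the last sample is treated differently by the original and the fixed check; every other value gets the same verdict from both.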
Hey guys,
I have written a PHP script to search & remove vulnerable code & any ‘extra’ admin found on your WordPress site.
This script will also upgrade your WordPress to the latest version.
No PHP system, exec or any regular execution command is used as I know some webhosts disable them… it will work as long as you have PHP 4/5 & the curl function.
What the script does
===============
1. Search for vulnerable code
2. Backup wp’s database
3. Upgrade your wp to the latest
Instructions:
=========
1. Download the script from http://www.mxhub.com/fix_update_wp.zip
2. Upload to your WordPress directory where wp-config resides
3. Go to http://yoursite.com/fix_update_wp.php to start the engine.
4. Done.
5. Give your feedback or report any problem.
http://forums.mxhub.com/showthread.php?t=798
My humble coding. Works for what I wanted. Hope it helps.
-joseph
