how to hack wordpress?
WordPress Security Flaw: Reset Admin Password of Any Blog Without Confirmation! 

HackGallerytips.blogspot.com

This is just way too exciting! WordPress, which is THE CMS of choice for bloggers, has such a big security hole! Someone has found a way to reset the admin password without any confirmation and this can have serious consequences.
The hack is still open and can even be applied to the latest WordPress release, 2.8.3.
This is how it works:

The normal password reset page asks you to enter your username or email address. If that is correct, a link is sent to the email address associated with that account so you can reset your password. Note that the password itself is not changed at this point, so you can just ignore the email and carry on.
But hackers have found a way to bypass that check: the password is reset when a special value, an empty array (key[]=), is passed in the key parameter of the reset page URL.
This is all you have to do:

http://www.domainname.com/wp-login.php?action=rp&key[]=

Replace domainname with any domain name of a blog hosted on WordPress and see it for yourself!
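For a site owner, the request shape above is easy to look for in web server access logs. The following is an added example, not part of the original post: it assumes logs in the Apache/nginx "combined" format, and the sample lines, IP addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [11/Aug/2009:10:01:02 +0000] "GET /wp-login.php?action=rp&key[]= HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [11/Aug/2009:10:01:09 +0000] "GET /blog/wp-login.php?action=rp&key%5B%5D= HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [11/Aug/2009:10:02:00 +0000] "GET /wp-login.php?action=rp&key=Ab3dE9xQ&login=alice HTTP/1.1" 200 900 "-" "-"
198.51.100.9 - - [11/Aug/2009:10:03:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 700 "-" "-"
192.0.2.55 - - [11/Aug/2009:10:04:00 +0000] "POST /wp-login.php?key%5B0%5D=&action=rp HTTP/1.1" 200 512 "-" "-"
"""

# client IP, timestamp, method and request target of one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')


def find_array_key_resets(log_text):
    """Return (ip, timestamp, target) for reset requests whose key is an array."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, _method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-login.php"):
            continue
        # parse_qsl percent-decodes names, so key%5B%5D= is seen as key[]=;
        # keep_blank_values is required because the array element is empty.
        params = parse_qsl(url.query, keep_blank_values=True)
        is_reset = ("action", "rp") in params
        # A legitimate reset link carries a scalar key=<token>; any
        # key[...] name means the parameter arrives in PHP as an array.
        array_key = any(name.startswith("key[") for name, _ in params)
        if is_reset and array_key:
            hits.append((ip, when, target))
    return hits


if __name__ == "__main__":
    for ip, when, target in find_array_key_resets(SAMPLE_LOG):
        print(f"{when}  {ip}  {target}")
```

A hit means the reset was requested, so the admin account's password should be treated as changed and set again after upgrading.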

Here is a list of blogs that I have tried this hack on. Sorry guys. You can always restore your passwords though.
1) Select one wordpress site

2) TechToggle – I really like this blog though



3) TutPlus – Yeah yeah yeah!


4) Tutorial9



5) WordPress Founder’s Personal Blog! ma.tt [Am not sure whether it’s reset or not but I think it is]
6) Noupe



7) PKPolitics



There are a couple of others I tried this on and none of them was protected!
Note: I have just tried this as a proof-of-concept and nothing more than that. You will get an email with your new password and can always reset it yourself again. And sorry guys, OpenSource is not the best thing on earth!

Update:

Read the detailed fix of this wordpress admin password reset exploit

Update 2:

WordPress update 2.8.4 has been released.
