As the issue is now fixed, let's disclose the details of the @aadhaarapi vulnerability I found 3 days ago. #wordpressForDummies #Aadhaar #AadhaarFail https://twitter.com/fs0c131y/status/953315051389284352 …

After the download of this file, you could open it like this: vim -R .wp-config.php.swp and obtain the database user and password. pic.twitter.com/qTdweo5NJP

Next step was to find the phpmyadmin panel. Testing the port 2083 or /phpmyadmin is always a good idea. pic.twitter.com/ngB5eRkUWc

After login, open the wp-user table and change the password of an existent user. Go to /wp-admin and enter the username with the new password, you are in!

Issue found: 16 Jan
1st contact with @aadhaarapi: 17 Jan
Issue fixed: 17 Jan

.@aadhaarapi after having been caught with an issue like this, can I suggest to, at least, update your #wordpress plugins? pic.twitter.com/0tzCv7XcPN
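
A defender-side check for the leftover file the thread describes, as an added example that is not part of the original tweets: it walks a web root and flags editor swap and backup files by name and by the Vim swap header, so a renamed swap file is caught too. The function names, the chosen name patterns and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Names that editors and ad-hoc backups leave beside a file such as wp-config.php.
# The web server does not run these as PHP, so it serves their bytes as-is.
LEFTOVER_NAME = re.compile(
    r"(^\..+\.sw[a-p]$)"              # Vim swap: .wp-config.php.swp, .swo, ...
    r"|(~$)"                          # Vim/Emacs backup: wp-config.php~
    r"|(^#.+#$)"                      # Emacs autosave: #wp-config.php#
    r"|(\.(bak|old|orig|save)$)",     # manual copies
    re.IGNORECASE,
)
VIM_SWAP_MAGIC = b"b0VIM"             # first bytes of block 0 in a Vim swap file

def find_leftovers(webroot):
    """Return sorted (relative_path, reason) pairs for files to remove from webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(VIM_SWAP_MAGIC))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if head == VIM_SWAP_MAGIC:
                reason = "vim-swap-content"   # caught even when renamed
            elif LEFTOVER_NAME.search(name):
                reason = "leftover-name"
            else:
                continue
            findings.append((os.path.relpath(path, webroot), reason))
    return sorted(findings)

def demo():
    """Build a constructed web root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {   # constructed sample files, not real configuration
            "wp-config.php": b"<?php // constructed sample\n",
            ".wp-config.php.swp": VIM_SWAP_MAGIC + b" 8.0" + b"\0" * 32,
            "wp-config.php.bak": b"<?php // constructed sample\n",
            "notes.txt": VIM_SWAP_MAGIC + b" 8.0",   # renamed swap file
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_leftovers(root)
```

Run `find_leftovers` against the deployed document root from a scheduled job or a deploy step, and treat any finding as a file to delete.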

OMG.. They are using WordPress... Creating backup file in public directory.... Is there any security policy... Any policy at all in place?

poliwhat?



