As the issue is now fixed, let's disclose the details of the @aadhaarapi vulnerability I found 3 days ago. #wordpressForDummies #Aadhaar #AadhaarFail https://twitter.com/fs0c131y/status/953315051389284352 …
Next step was to find the phpmyadmin panel. Testing the port 2083 or /phpmyadmin is always a good idea. pic.twitter.com/ngB5eRkUWc
After login, open the wp-user table and change the password of an existent user. Go to /wp-admin and enter the username with the new password, you are in!
Issue found: 16 Jan
1st contact with @aadhaarapi: 17 Jan
Issue fixed: 17 Jan
.@aadhaarapi after having been caught with an issue like this, can I suggest that you, at least, update your #wordpress plugins? pic.twitter.com/0tzCv7XcPN
-
"obtain the database user and password" Which "database" is this exactly, please?
-
Are you fucking kidding me?! They didn't change their initial config settings?!! Even when I did my first WP install as a 14-year-old (15 years ago!), I made sure to change credentials and delete or restrict permission to the config file. And we're supposed to trust these idiots?