As the issue is now fixed, let me disclose the details of the @aadhaarapi vulnerability I found 3 days ago. #wordpressForDummies #Aadhaar #AadhaarFail
https://twitter.com/fs0c131y/status/953315051389284352
After a quick @_WPScan_ scan you were able to see this line: "A wp-config.php backup file has been found in: 'https://aadhaarapi.com/.wp-config.php.swp …'"
pic.twitter.com/BHnDR0jzDE
After downloading this file, you could open it like this: vim -R .wp-config.php.swp and obtain the database user and password.
pic.twitter.com/qTdweo5NJP
The next step was to find the phpMyAdmin panel. Testing port 2083 or /phpmyadmin is always a good idea.
pic.twitter.com/ngB5eRkUWc
After login, open the wp_users table and change the password of an existing user. Go to /wp-admin and enter the username with the new password, and you are in!
Issue found: 16 Jan. 1st contact with @aadhaarapi: 17 Jan. Issue fixed: 17 Jan.
@aadhaarapi, after having been caught with an issue like this, can I suggest that you, at least, update your #wordpress plugins?
pic.twitter.com/0tzCv7XcPN
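The thread above shows the chain: an editor swap file of wp-config.php left in the web root, readable by anyone, hands out the database credentials in clear text. The script below is an added example and is not part of the thread or of any aadhaarapi code; it shows why the leak works (a vim swap file stores the buffer text as-is, so plain grep is enough, no vim needed) and gives a local check an operator can run over a WordPress docroot for swap and backup copies of wp-config.php. The swap file contents, the file names and the credential values are constructed for the demo; only the leading "b0VIM " magic matches what real vim swap files start with.

```shell
#!/bin/sh
# Added example, not from the original thread.
# 1) show that a vim swap file of wp-config.php exposes DB_* values to a plain text search
# 2) scan a docroot for editor swap/backup copies of wp-config.php that should never be served

# Constructed sample swap file. Real vim swap files begin with the magic "b0VIM ",
# followed by binary block headers; everything after the magic here is made up.
make_sample_swap() {
    dir=$1
    printf 'b0VIM 8.0\200\201junk\202\203' > "$dir/.wp-config.php.swp"
    printf "<?php\ndefine('DB_NAME', 'wp_db');\ndefine('DB_USER', 'wp_user');\ndefine('DB_PASSWORD', 's3cret-pass');\n" \
        >> "$dir/.wp-config.php.swp"
}

# Print the single-quoted value of a PHP define() from a file, binary-safe.
# $1 = file, $2 = constant name (e.g. DB_PASSWORD)
extract_define() {
    grep -a "define( *'$2'" "$1" | sed "s/.*define( *'$2', *'\([^']*\)'.*/\1/"
}

# List leftover copies of wp-config.php under a docroot: vim swap files (.swp/.swo/...),
# emacs autosaves and common backup suffixes. Any hit here is reachable over HTTP
# unless the web server blocks it.
find_config_leftovers() {
    find "$1" \( -name '.wp-config.php.sw?' -o -name 'wp-config.php~' \
        -o -name 'wp-config.php.bak' -o -name 'wp-config.php.save' \
        -o -name 'wp-config.php.orig' -o -name '#wp-config.php#' \) -type f
}

# Demo: build the constructed sample, scan for it, and pull the credentials out of it.
demo() {
    tmp=$(mktemp -d)
    make_sample_swap "$tmp"
    echo "leftover config copies under $tmp:"
    find_config_leftovers "$tmp"
    swap="$tmp/.wp-config.php.swp"
    echo "DB_USER=$(extract_define "$swap" DB_USER)"
    echo "DB_PASSWORD=$(extract_define "$swap" DB_PASSWORD)"
    rm -rf "$tmp"
}

demo
```

Run find_config_leftovers against the real docroot (for example /var/www/html) as part of a deploy check; a non-empty result means the file is also one GET request away. Beyond deleting stray files, deny dotfiles and *.swp / *.bak / *~ names at the web server so an editor crash or a careless backup cannot recreate the exposure.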
Replying to @fs0c131y @aadhaarapi
I hope they gave you some $$$ for this... You saved them potentially a lot.
right @aadhaarapi?
Afaik, I received nothing for the moment
Replying to @fs0c131y @aadhaarapi
Well, next time someone detects something there, they might not be as nice as you then...