As the issue is now fixed, let's disclose the details of the @aadhaarapi vulnerability I found 3 days ago. #wordpressForDummies #Aadhaar #AadhaarFail https://twitter.com/fs0c131y/status/953315051389284352 …
After a quick @_WPScan_ scan you were able to see this line: "A wp-config.php backup file has been found in: 'https://aadhaarapi.com/.wp-config.php.swp …'"
After the download of this file, you could open it like this: vim -R .wp-config.php.swp and obtain the database user and password.
Next step was to find the phpmyadmin panel. Testing the port 2083 or /phpmyadmin is always a good idea.
After login, open the wp-user table and change the password of an existent user. Go to /wp-admin and enter the username with the new password, you are in!
Issue found: 16 Jan
1st contact with @aadhaarapi: 17 Jan
Issue fixed: 17 Jan
.@aadhaarapi after having been caught with an issue like this, can I suggest to, at least, update your #wordpress plugins?
Replying to @fs0c131y @aadhaarapi
Nice work! I'm assuming this is just their WP site though, and there wouldn't be any access to #Aadhaar data?
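
A defender-side check for the finding the thread describes, added here as an example and not part of the original thread: it walks a local document root and flags Vim swap files (by their b0VIM header) and non-.php copies of wp-config. The sample files are constructed, and the premise that a non-.php copy is served as plain text rather than executed is an assumption that depends on the web server's handler configuration.

```python
import os
import tempfile

VIM_SWAP_MAGIC = b"b0VIM"  # first bytes of block 0 in a Vim swap file


def is_config_leftover(name):
    """True for copies of wp-config that do not end in .php (e.g. .bak, .swp, ~)."""
    base = name.lstrip(".").lower()  # Vim names its swap file ".wp-config.php.swp"
    return base.startswith("wp-config") and not base.endswith(".php")


def audit_docroot(docroot):
    """Return sorted (relative_path, reason) findings under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(VIM_SWAP_MAGIC))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            rel = os.path.relpath(path, docroot)
            if head == VIM_SWAP_MAGIC:
                findings.append((rel, "vim-swap"))      # any edited file, not only wp-config
            elif is_config_leftover(name):
                findings.append((rel, "config-copy"))
    return sorted(findings)


def make_sample_docroot():
    """Build a constructed document root for the demo (not real site data)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "wp-config.php": b"<?php /* constructed */",
        ".wp-config.php.swp": VIM_SWAP_MAGIC + b" 7.4\x00" + b"\x00" * 32,
        "wp-config.php.bak": b"<?php /* constructed copy */",
        "wp-config-sample.php": b"<?php /* stock sample */",
        "index.php": b"<?php",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in audit_docroot(make_sample_docroot()):
        print(f"{reason:12} {rel}")
```

Anything it reports should be deleted from the web root, and the credentials in the affected config rotated if the file was ever reachable over HTTP.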