[wp-forums] A reason to upgrade
Christopher J. Hradil
chradil at comcast.net
Sun Aug 13 15:47:12 GMT 2006
shouldn't we just delete or edit that post so that folks can't go out and
download that thing. you know, many folks don't change their default
install's username....Fill in the blanks.....and hopefully that thing
doesn't work against 2.04-->
~~
Christopher J. Hradil
http://hradil.us
> -----Original Message-----
> From: wp-forums-bounces at lists.automattic.com
> [mailto:wp-forums-bounces at lists.automattic.com] On Behalf Of Podz
> Sent: Sunday, August 13, 2006 4:35 AM
> To: Forums
> Subject: [wp-forums] A reason to upgrade
>
> Url broken.
>
> http://www.the sar casm.com/index.php?id=60 WPCrack
>
> You must know the username you're trying to crack.
> *
> Reason:
> There is a "vulnerability" in Wordpress <= 2.0.4 (as far as I
> know) that will allow you to enumerate a valid username list.
> Example:
> go to the wp-login.php page, and type in some bullshit
> username. It says, "Error: Incorrect username," but when you
> input a correct one it will say "Error: Incorrect password,"
> therefore telling you that you have a proper username. Fill
> in the blanks.
>
> P.
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
>
More information about the wp-forums
mailing list