Monday, August 29, 2016

WordPress Login Wall attack example

WordPress Login Wall was supposed to protect you against brute force and other login attacks. Instead, per this older blog post, using this plugin may put you at risk of attacks that allow raw evals of PHP code passed in the login parameter. Ouch.

GET /wp-content/plugins/login-wall-etgfb/login_wall.php?login=cmd
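To check whether a site has received requests like the one above, the following added example (not code from the original post) scans web server access logs for hits on the plugin path that carry a login parameter and groups them by source address. It assumes Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

PLUGIN_PATH = "/wp-content/plugins/login-wall-etgfb/login_wall.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_probes(lines):
    """Return {ip: [(timestamp, status, login_value), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path, _, query = m.group("target").partition("?")
        # Normalize so percent-encoding, doubled slashes or case changes still match
        path = re.sub(r"/+", "/", unquote(path)).lower()
        params = parse_qs(query, keep_blank_values=True)
        if path != PLUGIN_PATH or "login" not in params:
            continue
        hits[m.group("ip")].append((m.group("ts"), int(m.group("status")), params["login"][0]))
    return dict(hits)

def reached_plugin(hits):
    # Heuristic: a 2xx response suggests the file exists on this server; review these first
    return sorted(ip for ip, evs in hits.items() if any(200 <= s < 300 for _, s, _ in evs))

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '198.51.100.23 - - [29/Aug/2016:10:15:02 +0000] "GET /wp-content/plugins/login-wall-etgfb/login_wall.php?login=cmd HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.9 - - [29/Aug/2016:10:16:40 +0000] "GET /wp-content/plugins/login-wall-etgfb/login%5Fwall.php?login=cmd HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.50 - - [29/Aug/2016:10:17:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.23 - - [29/Aug/2016:10:18:30 +0000] "GET /WP-Content/plugins/login-wall-etgfb/login_wall.php?login=cmd HTTP/1.1" 404 512 "-" "-"',
]

if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for ip, events in found.items():
        print(ip, events)
    print("received a 2xx response:", reached_plugin(found))
```

Sources that received a 2xx response are the ones to investigate first, since that suggests the plugin file is present on the server.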

More about neonprimetime



Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
