[wp-trac] [WordPress Trac] #15286: can reset admin password by adminajax.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 2 07:26:57 UTC 2010
#15286: can reset admin password by adminajax.php
----------------------------+-----------------------------------------------
Reporter: rYokiNG | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.0.1
Severity: critical | Keywords: bug reset password
----------------------------+-----------------------------------------------
when you type "/wp-admin/admin-ajax.php?action=wp-compression-
test&test=1&1287468825469";
and refresh 3 time admin password just reset,
i have video for this report but can't attach it big file.
require_once('../wp-load.php');
>
> if ( ! isset( $_REQUEST['action'] ) )
> die('-1');
>
> require_once('./includes/admin.php'); //load admin.php already
> @header('Content-Type: text/html; charset=' .
get_option('blog_charset'));
> send_nosniff_header();
>
> do_action('admin_init');
>
> if ( ! is_user_logged_in() ) { //check after
>
> if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
> $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
>
> if ( ! $id )
> die('-1');
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15286>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list