[wp-trac] [WordPress Trac] #15286: can reset admin password by adminajax.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 2 07:56:59 UTC 2010
#15286: can reset admin password by adminajax.php
----------------------------+-----------------------------------------------
Reporter: rYokiNG | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.0.1
Severity: critical | Keywords:
----------------------------+-----------------------------------------------
Description changed by westi:
Old description:
> when you type "/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469";
>
> and refresh 3 times, admin password just reset,
>
> I have a video for this report but can't attach it, big file.
>
> require_once('../wp-load.php');
>
> if ( ! isset( $_REQUEST['action'] ) )
> 	die('-1');
>
> require_once('./includes/admin.php'); //load admin.php already
> @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
> send_nosniff_header();
>
> do_action('admin_init');
>
> if ( ! is_user_logged_in() ) { //check after
>
> 	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
> 		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
>
> 		if ( ! $id )
> 			die('-1');
New description:
when you type "/wp-admin/admin-ajax.php?action=wp-compression-test&test=1&1287468825469";
and refresh 3 times, admin password just reset,
I have a video for this report but can't attach it, big file.
{{{
require_once('../wp-load.php');

if ( ! isset( $_REQUEST['action'] ) )
	die('-1');

require_once('./includes/admin.php'); //load admin.php already
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();

do_action('admin_init');

if ( ! is_user_logged_in() ) { //check after

	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15286#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
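
The excerpt quoted in the ticket shows `do_action('admin_init')` running before the `is_user_logged_in()` check, so any callback hooked on `admin_init` also runs for anonymous requests to admin-ajax.php. The following is an added example, not code from the ticket or from WordPress core: a hypothetical plugin callback that guards a state-changing action itself. Every `myplugin_*` name and the `_myplugin_nonce` field are assumptions for illustration.

```php
<?php
// Hypothetical plugin code: all myplugin_* names are assumptions for illustration.

add_action( 'admin_init', 'myplugin_maybe_reset_settings' );

function myplugin_maybe_reset_settings() {
	// Only act when this plugin's own trigger parameter is present.
	if ( ! isset( $_POST['myplugin_reset'] ) ) {
		return;
	}

	// admin_init also fires from admin-ajax.php before the login check,
	// so this callback must authenticate the caller itself.
	if ( ! is_user_logged_in() ) {
		wp_die( 'Authentication required.' );
	}

	// Being logged in is not enough: require the capability that guards settings.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.' );
	}

	// Reject cross-site requests: verifies the nonce sent in
	// $_REQUEST['_myplugin_nonce'] and dies if it is missing or invalid.
	check_admin_referer( 'myplugin_reset_settings', '_myplugin_nonce' );

	// The state change happens only after all three checks pass.
	update_option( 'myplugin_settings', myplugin_default_settings() );
}

function myplugin_default_settings() {
	return array( 'compression' => false );
}

// Renders the form that carries the nonce checked above.
function myplugin_reset_form() {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'options-general.php' ) ); ?>">
		<?php wp_nonce_field( 'myplugin_reset_settings', '_myplugin_nonce' ); ?>
		<input type="submit" name="myplugin_reset" value="Reset settings" />
	</form>
	<?php
}
```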