Stanford University ( Longevity ) Wordpress Website BruteForce Attack

2017.09.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

----------------------------------------------------------------------------------------- | Exploit Title : Stanford University ( Longevity ) | Wordpress Website BruteForce Attack | Google Dork : site:stanford.edu inurl:/wp-content/ | Date : 08/09/2017 | Exploit Author : Mohammad Babaee | Vendor Homepage : stanford.edu | Software Link : stanford.edu | Version : 1.0 | Tested on : Windows10 , Firefox | |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | | | Proof of concept : Stanford University [ Brute Force Attack ] | | 1 - Search this Google Dork : site:stanford.edu inurl:/wp-content/ | 2 - Find The ( Longevity Subdomain ) of Stanford University | 3 - True Site : ( http://longevity.stanford.edu ) | 4 - Now , We Have a website with low security ! :) | 5 - This Site is using ( wordpress CMS ) Ver : 4.8.1 | Without Security measures ! | 6 - Defult Pages are avalable , you can see : readme.html , install.php , wp-login , wp-admin ! | 7 - Note : Username is ( admin ) & Adminpage is : ( http://longevity.stanford.edu/wp-login.php ) | 6 - The End , BruteForce This Site & Enjoy Of Hacking ...! | | | DEMO : | | http://longevity.stanford.edu/wp-login.php | username : admin | password : BruteForce to find ! | [BruteForce Attack VULNERABILITY] | | | | | +++ Discovered by : Mohammad Babaee | Don't forget me ...! | I will come back soon :) | | -----------------------------------------------------------------------------------------


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top