Jump to content

1 step Pwn - from Google to pwning - Stupid WordPress users..


sigurdur
 Share

Recommended Posts

Sooo .. I was googling a totally unrelated search term and found what I thought was a relevant link ...

... except the user replaced his wordpress installation with a default one - UNCONFIGURED.

Which means when I went to the site, I got this:

post-47298-0-65193200-1424527686_thumb.p

Sooo, I can now simply configure Wordpress, access the database and the server by using a couple of WordPress plugins to install any PHP I desire on the server.

I am sending an e-mail to the website owner to inform him of his unconfigured setup.. but if I would have my black hat on (do caps count, or is it only fedoras?) I would simply take over this hosting account.

What would you do when you see this in the wild?

Configure it to secure it, then report it to the owner?

Leave it as is?

post-47298-0-65193200-1424527686_thumb.p

Link to comment
Share on other sites

Definitely don't make any changes on it, doing that breaks laws in most places that have computer laws.

Reporting it back to the owner is good if you can find their details, if you can't then report to the hosting company who may or may not be interested.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...