CVE-2008-4106
WordPress < 2.6.2 - Unauthenticated Password Reset via SQL Column Truncation
Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-4106. PoCs published by iso^kpsbr, irk4z.
AI-analyzed exploit summary: This exploit targets a vulnerability in WordPress 2.6.1 to take over the admin account by abusing the password reset mechanism and predicting the random seed used for password generation. It registers a new admin user, triggers a password reset, and brute-forces the seed to compute the new password.
Description
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
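The mismatch described above, modelled in Python as an added example (not WordPress's code or its actual patch): a non-strict MySQL insert and a trailing-space-insensitive comparison, next to a registration check that validates the exact value that will be stored. The 60-character column width and all function names are assumptions made for illustration.

```python
import re

USER_LOGIN_WIDTH = 60  # assumption: width of the user_login VARCHAR column

def mysql_store(value, width=USER_LOGIN_WIDTH):
    """Model a non-strict INSERT: an over-long value is cut to the column
    width and only a warning is raised, which the caller may never read."""
    return value[:width]

def mysql_equal(a, b):
    """Model a PAD SPACE, case-insensitive collation: trailing spaces and
    letter case are ignored when two string values are compared."""
    return a.rstrip(" ").lower() == b.rstrip(" ").lower()

def naive_is_available(candidate, existing):
    """'Before' check: tests the submitted string, not the stored one."""
    return not any(mysql_equal(candidate, name) for name in existing)

def safe_username(candidate, existing, width=USER_LOGIN_WIDTH):
    """Hardened check: normalise whitespace, refuse what the column cannot
    hold verbatim, then test uniqueness on the exact value to be stored."""
    normalised = re.sub(r"\s+", " ", candidate).strip()
    if not normalised:
        raise ValueError("empty username")
    if len(normalised) > width:
        raise ValueError("username exceeds column width")
    if any(mysql_equal(normalised, name) for name in existing):
        raise ValueError("username already taken")
    assert mysql_store(normalised, width) == normalised  # stored == checked
    return normalised

def audit(candidate, existing):
    """Report how each check treats one registration request."""
    stored = mysql_store(candidate)
    report = {
        "naive_accepts": naive_is_available(candidate, existing),
        "stored_collides": any(mysql_equal(stored, n) for n in existing),
    }
    try:
        report["hardened"] = safe_username(candidate, existing)
    except ValueError as err:
        report["hardened"] = f"rejected: {err}"
    return report

if __name__ == "__main__":
    existing = ["admin"]  # constructed sample data
    padded = "admin" + " " * (USER_LOGIN_WIDTH - 5) + "x"  # 61 chars, constructed
    print(audit(padded, existing))
    print(audit("admin   ", existing))
```

On the database side, running MySQL in strict SQL mode turns the truncation warning into an error, so an over-long insert fails instead of being silently shortened.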
Exploits (2)
This exploit targets a vulnerability in WordPress 2.6.1 to take over the admin account by abusing the password reset mechanism and predicting the random seed used for password generation. It registers a new admin user, triggers a password reset, and brute-forces the seed to compute the new password.
This exploit leverages SQL column truncation in WordPress 2.6.1 to create a duplicate admin account by registering a username with trailing spaces, allowing password reset via the lost password feature.