Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-0166. PoCs published by Ettack.
AI-analyzed exploit summary
This repository contains proof-of-concept exploits for CVE-2014-0166, a WordPress cookie forgery vulnerability affecting versions prior to 3.8.2. The exploits include local brute-forcing tools and a multithreaded remote exploit to find a 'zero hash' for cookie forgery.
Description
The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.