WordPress: MD5 Hash in Cookie

March 15, 2007 What Did I Learn Today | sid @ 2:54 pm

I realised WordPress uses a static cookie, even when you have not enabled the remember-me option. This static value holds the MD5 of your password (md5(md5 of password)), which remains static. Thus an XSS exploit in WordPress could be really handy, as the cookie remains the same unless the password for the user is changed.
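To make the risk concrete, here is an added example (not code from this post or from WordPress) that computes the cookie value as described above and contrasts it with a generic hardened design: a random session id plus expiry, signed with a server-side HMAC key. The function names, the `SERVER_KEY` secret, the `|` token layout and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def legacy_cookie(password: str) -> str:
    """Cookie value as the post describes it: md5(md5(password)), hex-encoded."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()


# Constructed server-side secret for the hardened variant (assumption).
SERVER_KEY = secrets.token_bytes(32)


def issue_token(user: str, now: int, ttl: int = 3600) -> str:
    """Hardened variant: per-login random id and expiry, HMAC-signed.

    Assumes usernames never contain the '|' separator.
    """
    sid = secrets.token_hex(16)
    payload = f"{user}|{sid}|{now + ttl}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(token: str, now: int) -> bool:
    """Reject malformed, tampered or expired tokens (constant-time compare)."""
    try:
        user, sid, expires, mac = token.split("|")
        expiry = int(expires)
    except ValueError:
        return False
    payload = f"{user}|{sid}|{expires}"
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected) and now < expiry


if __name__ == "__main__":
    pw = "example-password"  # constructed sample value
    # Same value on every login until the password changes.
    print("legacy:", legacy_cookie(pw), legacy_cookie(pw))
    # Different on every login, and invalid once the expiry passes.
    print("signed:", issue_token("admin", 1000))
    print("signed:", issue_token("admin", 1000))
```

The legacy value depends only on the password, so it carries no expiry and stays valid across logins; the signed token changes on each login and stops verifying after its expiry.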

2 Comments »

  1. […] hash of password of all users including admin user. Before you run mdcrack on this hash, read my previous post on wordpress cookies as this will save your time. Once you have the admin user hash needless to say […]

    Pingback by » Wordpress 2.1.2 xmlrpc Security Issues » www.notsosecure.com :: April 3, 2007 @ 6:38 pm
  2. I wonder, is there no TURKISH?

    Comment by Türk :: April 8, 2007 @ 10:41 am
