May , 2017

Wordpress 4.7.4 Unauthorized Password Reset

Someone requested that the password be reset for the following account:

http://localhost/wordpress/

Username: admin

If this was a mistake, just ignore this email and nothing will happen.

To reset your password, visit the following address:

http://localhost/wordpress/wp-login.php?action=rp&key=AceiMFmkMR4fsmwxIZtZ&login=admin


As we can see, fields Return-Path, From, and Message-ID, all have the attacker’s domain set.

The verification of the headers can be performed by replacing /usr/sbin/sendmail with a bash script of:

#!/bin/bash
cat > /tmp/outgoing-email


https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
https://legalhackers.com