搜索

[7951] 2014-04-13_分析WordPress3.8.2修復的cookie偽造漏洞

文档创建者:s7ckTeam
浏览次数:36
最后更新:2025-01-17
2014-04-13_分析WordPress3.8.2修復的cookie偽造漏洞   W o r d P r e s s   3 . 8 . 2   c o o k i e E t t a c k   F r e e B u f   2 0 1 4 - 0 4 - 1 3 4 8 , w o r d p r e s s c o o k i e C V E   - 2 0 1 4 -   0 1 6 6 $ k e y   =   w p _ h a s h ( $ u s e r n a m e   .   $ p a s s _ f r a g   .   ' | '   .   $ e x p i r a t i o n ,   $ s c h e m e ) ; $ h a s h   =   h a s h _ h m a c ( ' m d 5 ' ,   $ u s e r n a m e   .   ' | '   .   $ e x p i r a t i o n ,   $ k e y ) ; -   i f   (   $ h m a c   ! =   $ h a s h   )   {   +     i f   (   h a s h _ h m a c (   ' m d 5 ' ,   $ h m a c ,   $ k e y   )   ! = =   h a s h _ h m a c (   ' m d 5 ' ,   $ h a s h ,   $ k e y   )   )   { p h p h a s h _ h m a c c o m p a r i s i o n   o p e r a t o r   ! =     ! = =   h a s h _ h m a c w o r d p r e s s   ! =     ! = =   p h p s t r i c t n o n - s t r i c t p h p   m a n u a l " = = = " " ! = = " s t r i c t " = = " " ! = " n o n - s t r i c t p h p   m a n u a l < ? p h p v a r _ d u m p ( 0   = =   " a " ) ;   / /   0   = =   0   - >   t r u e v a r _ d u m p ( " 1 "   = =   " 0 1 " ) ;   / /   1   = =   1   - >   t r u e v a r _ d u m p ( " 1 0 "   = =   " 1 e 1 " ) ;   / /   1 0   = =   1 0   - >   t r u e v a r _ d u m p ( 1 0 0   = =   " 1 e 2 " ) ;   / /   1 0 0   = =   1 0 0   - >   t r u e ? > 0 = = " a " , " 1 " = = " 0 1 "
w o r d p r e s s c o o k i e h a s h h a s h h a s h " 1 0 " = = " 1 e 1 " p h p ( 1 e 1   =   1 * 1 0 ^ 1   =   1 ) v a r _ d u m p ( " 0 e 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 " = = = " 0 " )   / / f a l s e v a r _ d u m p ( " 0 e 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 " = = " 0 " )   / / t r u e h a s h " 0 e x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x " " 0 " w o r d p r e s s ( $ u s e r n a m e ) ( $ p a s s _ f r a g ) c o o k i e ( $ e x p i r a t i o n ) w p - c o n f i g . p h p k e y ( $ k e y ) $ h a s h   ( ) ,   c o o k i e $ h m a c ( $ h m a c   ! =   $ h a s h   ? ) c o o k i e c o o k i e w o r d p r e s s _ h a s h o f u r l = u s e r n a m e | e x p i r a t i o n | h m a c $ u s e r n a m e $ e x p i r a t i o n $ u s e r n a m e c o o k i e $ e x p i r a t i o n $ h a s h c o o k i e $ h m a c 0 $ e x p i r a t i o n 滿 $ h a s h = = " 0 " $ h a s h c o o k i e 滿 h a s h : P   =   S u m ( 1 0 ^ n , n = 0 , 3 0 ) / 1 6 ^ 3 2   =   3 . 2 6 5 2 6 * 1 0 ^ - 9 ~ f r e e b u f ( 3 . 8 . 2 ) E t t a c k f r e e b u f

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理