Major Security Flaw?
-
hi there
If you put this at the end of any site with WPS hide login enabled:
/wp-admin/customize.php
e.g.
http://www.mysite.com/wp-admin/customize.php
It will expose the hidden login URL:
http://www.mysite.com/MYHIDDENURL/?redirect_to=http%3A%2F%2Fwww.mysite.com%2Fwp-admin%2Fcustomize.php&reauth=1A bot would simply need to post to that url then harvest the redirect to get the login page.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Major Security Flaw?’ is closed to new replies.