CVE-2008-1930 Wordpress 2.5 Cookie Integrity Protection Vulnerability
Wake up..Neo.. The Matrix HAS YOU —–the Matrix
From pentesterlab This course details the exploitation of an issue in the cookies integrity mechanism of Wordpress. This issue was found in 2008 and allowed an attacker to gain administrator access to a wordpress instance if user registration is enabled.
- Cookie Manager+
Weaknesses and Strengths
Use wfuzz to burte force hidden path of the server
next step, we use admin1 and password pentesterlab to login as user admin1
here we can use Cookie Manager+ to view the cookies we got.
modify cookie from
admin%7C11461188835%7Ce6cf864114aa5acaae0795ff56b333b0, reload the page, now we are in admin’s session.