search

1N3 / Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
https://crowdshield.com
449 stars 198 forks source link

Seems multicall brute force not work fine now. #20

Closed adzon closed 2 years ago

adzon commented 7 years ago

Hi,

I try install a new wordpress , version 4.7.5.

I try put the right password on the first line of passwords.txt , it works.

But , when I try put the right password on the second line of passwords.txt , all password is incorrect.

What's the reason?

Thank you.

1N3 commented 7 years ago

Hi, I believe this was patched/fixed in Wordpress => 4.7.x, so the exploit may fail on newer versions.

th30r3tisch commented 7 years ago

With version 4.8 I still get this vulnerability.