deathmorlock
commented
4 years ago Oh , it is a bug (or fix) of response on multicall post - after first wrong login:pass all next in response are wrong (even if they are right). Such brute is useless
Open deathmorlock opened 4 years ago
deathmorlock
commented
4 years ago Oh , it is a bug (or fix) of response on multicall post - after first wrong login:pass all next in response are wrong (even if they are right). Such brute is useless
Hello bro. Found strange bug. Installed Wordpress 5.2 for testing. Create user admin 12345 - scrypt works fine
Create user sergo 123456 - scrypt doesn't work Make direct POST from Burp - all works fine.
All users just newly created in wp-admin. Both have administrator role. http://prntscr.com/s0cayr http://prntscr.com/s0ckdp tried many times - result is stable.
Changed admin pass to 123456 and scrypt stop finding his pass. Сhanged sergo pass to 123 scrypt doesn't work Сhanged sergo pass to 123456 scrypt doesn't work
At same time direct POST with Burp works fine.