Thread Starter
Anonymous
Hi
That is infact a rather nasty security bug in WP which lets un-authorized users screw up your site. Most security scanners are aware of this. That’s how I found out about it. I won’t say in public forum how to exploit it, but if WP development is unaware of this, they can contact me for details at far2fish@gmail.com, as I think this issue should be closed as soon as possible.
Anyway, if you have been hit with this issue, what I’ve found to be a solution is this:
1. Go to /wp-login.php (don’t hit the login link on your site)
2. Enter your login details
3. Go to options
4. Click on Update Options
5. Your site should be fine
Is this problem being addressed by WP?
Yes. The devs are aware and working.
Thread Starter
Anonymous
I had the same failed redirect problem (wp-login.php?redirect_to=%2Fwp-admin%2F) after upgrading to version 1.2. Took me a while to find the fix…ultimately all it took was deleting the WP cookie in Internet Explorer.
Thread Starter
Anonymous
1. Go to /wp-login.php (don’t hit the login link on your site)
2. Enter your login details
3. Go to options
4. Click on Update Options
5. Your site should be fine
Can someone elaborate on this. I’ve tried everything and I’m still redirected back to my login page as a result of this vulnerability. I need a fix now. I can’t login to wp-admin.
I’ve deleted all cookies etc. Reset the admin passwd using phpMyAdmin. Nothing worked. Even if I type my wp-login.php URL in direclty I still get redirected to back to the login page. Where does the redirect URL setting exist? Couldn’t it be changed in the php file directly?
Thread Starter
Anonymous
Having the same problem with being redirected back to the login page.. I’ve been searching these forums and tried all sorts of suggestions regarding the white space etc.. (have never gotten any error messages but figured it couldn’t hurt) and still can’t get it to stop redirecting.
Help!
i do meet this problem when upgrading to 1.2.2
this is what i did to fix it
* Open wp-login.php
* find COOKIEHASH
* rename/replace to $cookiehash
besure to rename all of them
Ok.
I have tried the $cookiehash fix and still am not able to login normaly.
I can login, see an error page which says,
“sorry, no post match your criteria.”
I then link to an existing post and click the “edit this” link….
Has anyone found other fixes?
Thanks…
try clear your old cookies. then login again. it work for me
It looks like this is a .htaccess issue.
I have posted at this location for further insight:
http://wordpress.org/support/3/14271#post-109404
This one got me yesterday – took me five hours to figure out that someone had changed the SITEURL value in the db. I’m not sure how it was done, but any help preventing a recurrence would be welcome.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
To prevent the reoccurrence, upgrade to WP v1.2.2 or the latest Nightly Build.
I just installed WP 1.5 and I am being redirected to the login page after a successful login. If I purposely enter an incorrect password, the login page displayes a message indication as such. If I enter the correct password, i just get redirected to the login page with the following query string in the URL:
http://www.dudedesign.com/blog/wp-login.php?redirect_to=%2Fblog%2Fwp-admin%2Findex.php
could it be that the webserver is converting the slashes to “%2F”? I tried to change them in the URL and then submit and it still redirects me to the login page. I also clicked the “forgot passoword” link and went through that process to get a new password and still no luck. if antone has any suggestions on how to fix this, I’d really appreciate it. the product looks great, I’d love to be able to try it.
thanks,
dude
btw… problem persists with both IE and FF.
