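WordPress Orange Themes Cross-Site Request Forgery File Upload Vulnerability

Published: 2013-11.3
Author: JJE Incovers

Vulnerability type: File upload

Description:

Exploitation method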
[php]
inurl:"/wp-content/themes/agritourismo-theme/"
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
[/php]
CSRF file upload exploitation and PoC

http://0day5.com/wp-content/themes/rockstar-theme/functions/upload-handler.php

Script :
[php]

Your File:

[/php]
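
Detection from the site owner's side, as an added example that is not part of the original advisory: it scans combined-format access logs for POST requests to `functions/upload-handler.php` under the theme directories listed above and marks those whose Referer is missing or points at another host. It assumes the other listed themes use the same handler path the page shows for rockstar-theme; the log lines and the `blog.example` host are constructed.

```python
import re
from urllib.parse import urlsplit

# Theme directories listed on this page.
THEMES = ("agritourismo-theme", "bordeaux-theme", "bulteno-theme", "oxygen-theme",
          "radial-theme", "rayoflight-theme", "reganto-theme", "rockstar-theme")
# Assumption: every listed theme ships the handler at the path the page shows
# for rockstar-theme (functions/upload-handler.php).
HANDLER = re.compile(
    r"^/wp-content/themes/(%s)/functions/upload-handler\.php(?:\?.*)?$"
    % "|".join(map(re.escape, THEMES)), re.IGNORECASE)
# Apache/nginx "combined" log format.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$')

def find_handler_posts(lines, site_host):
    """Return one finding per POST to a listed theme's upload handler."""
    findings = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        h = HANDLER.match(m["path"])
        if not h:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        findings.append({
            "ip": m["ip"], "time": m["ts"], "theme": h.group(1).lower(),
            "status": int(m["status"]),
            # Referer absent or on another host is consistent with a forged
            # cross-site request and is worth triage.
            "cross_site": ref_host is None or ref_host.lower() != site_host.lower(),
        })
    return findings

# Constructed sample log lines (documentation addresses, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Nov/2013:10:01:02 +0000] "POST /wp-content/themes/rockstar-theme/functions/upload-handler.php HTTP/1.1" 200 41 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Nov/2013:10:05:00 +0000] "POST /wp-content/themes/oxygen-theme/functions/upload-handler.php HTTP/1.1" 200 41 "http://blog.example/wp-admin/themes.php" "Mozilla/5.0"',
    '192.0.2.11 - - [03/Nov/2013:10:06:00 +0000] "GET /wp-content/themes/rockstar-theme/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [03/Nov/2013:10:07:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_handler_posts(SAMPLE_LOG, "blog.example"):
        print(f)
```

Any hit with `cross_site` set and a 2xx status is a reason to review the site's upload directory for files that were not placed there by an administrator.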
