WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts

• Exploit Database
• 163 阅读

• 作者： Sebastian Neef
  日期： 2019-10-14
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47690/
• 1 2 3 4 5 6 7 8 9 10 11

  So far we know that adding <code>?static=1</code> to a wordpress URL should leak its secret content   Here are a few ways to manipulate the returned entries:   - <code>order</code> with <code>asc</code> or <code>desc - <code>orderby - <code>m</code> with <code>m=YYYY</code>, <code>m=YYYYMM</code> or <code>m=YYYYMMDD</code> date format     In this case, simply reversing the order of the returned elements suffices and <code>http://wordpress.local/?static=1&order=asc</code> will show the secret content: