inurl:wp-login.php +Register Username Password "remember me" -echo -trac -footwear

  • 日期:2006-05-30
  • 类别:
  • 作者:anonymous
  • 语法:inurl:wp-login.php +Register Username Password "remember me" -echo -trac -footwear
  • this is a bit different from the previous one in GHDB, it searches for WordPress 2.x sites where user registration is enabled, a user can inject a carriage return and php code inside cache files to have a shell on target systemadvisory & poc exploit here: http://retrogod.altervista.org/wordpress_202_xpl.html