WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution-Web安全手册

导航

分享本身就是件快乐的事我因别人得到帮助而感到幸福

WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution

2009年11月12日 20:22:57 发布:Trace

#Trace: 授权用户的拿webshell的方法.受影响版本<=2.8.5,受服务器环境影响.

http://seclists.org/fulldisclosure/2009/Nov/141

Reference:

[1]http://www.4ngel.net/article/63.htm
[2]http://httpd.apache.org/docs/2.2/mod/mod_mime.html#multipleext
[3]http://isc.sans.org/diary.html?storyid=6139

Tags: Wordpress File Upload Arbitrary PHP Code Execution

相关文章:
WordPress <= 2.8.3 Remote admin reset password  (2009-8-11 20:29:43)
phpass_crack: Simple tool for cracking Wordpress hashes  (2009-3-30 12:29:50)
WordPress XSS vulnerability in RSS Feed Generator  (2009-1-9 3:58:24)
Wordpress 2.7.0 remote code execution vulnerability   (2008-12-18 14:18:55)
Wordpress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit  (2008-10-30 8:5:38)
WordPress Media Holder (id) Sql injetion vulnerability  (2008-10-27 12:14:1)
WP Comment Remix 1.4.3 Remote SQL Injection Exploit  (2008-10-14 22:21:18)

◎欢迎参与讨论，请在这里发表您的看法、交流您的观点。

Powered By Z-Blog .Theme from Google黑板报 By Washun

Copyright 2008-2009 Pcsec.org. Some Rights Reserved.苏ICP备08110306号

Search

网站分类

文章归档

最新评论及回复

最近发表