CVE-2020-12832 PoC — WordPress simple-file-list plugin 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-12832.yaml

Associated Vulnerability

Title:WordPress simple-file-list plugin 路径遍历漏洞 (CVE-2020-12832)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。simple-file-list是使用在其中的一个支持打开和下载文件的文件列表插件。 WordPress simple-file-list plugin 4.2.8之前版本中存在路径遍历漏洞，该漏洞源于程序没有正确验证用户提供的输入。攻击者可利用该漏洞删除任意文件。

Description

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory.

File Snapshot


 id: CVE-2020-12832

info:
  name: WordPress Simple File List - Path Traversal
  author: riteshs4hu
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!