CVE-2018-7422 PoC — WordPress Site Editor插件信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-7422.yaml

Associated Vulnerability

Title:WordPress Site Editor插件信息泄露漏洞 (CVE-2018-7422)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。Site Editor plugin是使用在其中的一个所见即所得的前端编辑器。 WordPress Site Editor插件1.1.1及之前版本中存在本地文件包含漏洞。远程攻击者可通过向editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php文件发送‘ajax_path’参数利用该漏洞检索任

Description

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.

File Snapshot


 id: CVE-2018-7422

info:
  name: WordPress Site Editor <=1.1.1 - Local File Inclusion
  author: Lusk

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!