CVE-2021-24236 PoC — WordPress 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-24236.yaml

Associated Vulnerability

Title:WordPress 代码问题漏洞 (CVE-2021-24236)
Description:WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 插件 Imagements 1.2.5版本及之前版本存在安全漏洞，该漏洞允许未经身份验证的攻击者利用该漏洞通过使用有效的图像Content-Type以及PHP文件名和代码来上传任意文件，从而导致RCE。

Description

WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by using a valid image Content-Type along with a PHP filename and code.

File Snapshot


 id: CVE-2021-24236

info:
  name: WordPress Imagements <=1.2.5 - Arbitrary File Upload
  author: pus

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!