CVE-2015-1579 PoC — WordPress Elegant Themes Divi主题目录遍历漏洞

Source

https://github.com/paralelo14/CVE-2015-1579

Associated Vulnerability

Title:WordPress Elegant Themes Divi主题目录遍历漏洞 (CVE-2015-1579)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。Elegant Themes Divi是其中的一个优雅主题。 WordPress Elegant Themes Divi主题中存在目录遍历漏洞，该漏洞源于wp-admin/admin-ajax.php脚本没有充分过滤revslider_show_image操作中的‘img’参数。远程攻击者可借助目录遍历字符‘..’利用该漏洞读取任意文件。

Readme

# CVE-2015-1579 - WP Revslider AFD

Exploit: Wordpress Slider Revolution Responsive <= 4.1.4:
  
    Vuln Date: 24/07/2014
    Exploit Author: anarc0der
    Version: Wordpress Slider Revolution Responsive <= 4.1.4
    CVE : CVE-2015-1579

How to:
  
    python3 xpl.py --url='target'
    
Targets examples PoC (Do not fuck them, to other people use as exemple):
    
    http://leyendahotel.com/
    http://www.adcmoura.pt/rail/
    http://softcor.com.br/

File Snapshot


 [4.0K]  /data/pocs/cb9254c9bfd399aefd8e0e90898a618bf7a8aff7
├── [ 456]  README.md
└── [2.9K]  xpl.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!