CVE-2017-8295 PoC — WordPress 安全漏洞

Source

https://github.com/alash3al/wp-allowed-hosts

Associated Vulnerability

Title:WordPress 安全漏洞 (CVE-2017-8295)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 4.7.4及之前的版本中存在安全漏洞。远程攻击者可通过发送特制的wp-login.php?action=lostpassword请求利用该漏洞重置任意密码。

Description

a plugin that protects your wp site from the CVE-2017-8295 vulnerability

Readme

# WP Allowed Hosts
This plugin has been created after the vulnerability known as `CVE-2017-8295` has been disclosed, 
this plugin will protect you from that attack with no hassle, just add simple line to your `wp-config.php` .

# Installation
Just download the plugin from [here](https://github.com/alash3al/wp-allowed-hosts/archive/master.zip) and upload it to your site .

# Usage
Just add the following line to your `wp-config.php`
```php
// WP Allowed Hosts Plugin
define( 'WP_ALLOWED_HOSTS', 'mysit.com' );
```

You can also add multiple domains .
```php
// WP Allowed Hosts Plugin
define( 'WP_ALLOWED_HOSTS', 'site1.com,site2.com' );
```

File Snapshot


 [4.0K]  /data/pocs/f4c606632840f0ea083a850ac5a3830397535a33
├── [ 18K]  LICENSE
├── [ 750]  plugin.php
└── [ 644]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!