Jump to content
IPS Community Suite 简体中文
Sign in to follow this  
ipscn

WP 漏洞分析

Recommended Posts

wordpress <= 4.9.6 任意文件删除漏洞

近日RIPS曝出wordpress直至 4.9.6的版本依然存在一个任意文件删除漏洞,拥有author及类似权限的wordpress站点受到此漏洞威胁,攻击者可通过构造附件的'thumb'路径造成任意文件删除。严重的后果将导致攻击者获取站点管理员权限进而控制服务器。

https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

临时补救措施

add_filter( 'wp_update_attachment_metadata', 'rips_unlink_tempfix',, PHP_INT_MAX );

function rips_unlink_tempfix( $data ) {
    if( isset($data['thumb']) ) {
        $data['thumb'] = basename($data['thumb']);
    }

    return $data;
}

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×