漏洞简介
Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archiveDate: june 2019Exploit Author: xulchibalraaVendor Homepage: https://wordpress.org/plugins/insert-or-embed-articulate-content-into-wordpress/Software Link: https://downloads.wordpress.org/plugin/insert-or-embed-articulate-content-into-wordpress.4.2995.zipVersion: 4.2995
漏洞分析关于wordpress是如何调用插件的请参考,此处不再赘述
https://www.wenjiangs.com/article/wordpress-plug-in-unit.html
通过作者给出的利用流程,我们最低需要一个 ...