WordPress REST API Content Injection Vulnerability

Basic Fields

SSV ID:
SSV-92637
Find Time:
2017-02-01
Submit Time:
2017-02-02
Level:
Category:
Privilege escalation
Component:
WordPress
(4.7.0,4.7.1)
Author:
Unknown
Submitter:
Knownsec
CNVD-ID:
CNVD-2017-00818
ZoomEye Dork:
app:wordpress

Source

Detail


PoC (pocsuite plugin)


Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Defense Solutions

Unavailable Defense Solutions

Popularity 8467

All Comments (3)

  • I'd like to ask why I get a 404 when I visit /wp-json/wp/v2/posts
    3F
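  • I'd like to ask: when reproducing, after adding id=1a the returned result is rest_invalid_param
    • sqvds
      Reproduction succeeded. Earlier I had chosen Chinese during installation, and the Chinese version did not work
    • anonymous
      Could you share the full content of the rest_invalid_param response and the returned status code?
    • Lucifaer
      The Chinese version may have an encoding problem; it is best to use the original English version for reproduction
    • anonymous
      Did you solve it in the end? I ran into the same problem when reproducing.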
    2F
  • Lucifaer
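    I was not able to reproduce it; am I doing something wrong?
    • anonymous
      Which version did you use to reproduce it?
    • Lucifaer
      Er, it was a problem with my local Apache; I reconfigured it and reproduced it successfully, thanks a lot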
    1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes