WordPress SSRF攻击修复方案

    Read

wordpress /wp-includes/http.php文件中的wp_http_validate_url函数对输入IP验证不当,导致黑客可构造类似于012.10.10.10这样的畸形IP绕过验证,进行SSRF

修复方法:(http.php为修复后的)

SourceByrd's Weblog-https://note.t4x.org/other/wordpress-fix-ssrf/

SourceByrd's Weblog-https://note.t4x.org/other/wordpress-fix-ssrf/ SourceByrd's Weblog-https://note.t4x.org/other/wordpress-fix-ssrf/
申明:除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!
Byrd
  • by Published on July 23, 2018
  • 原文链接:https://note.t4x.org/other/wordpress-fix-ssrf/
匿名

Comment

Anonymous

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: