发表于 2013-03-15 02:16:32 by 月小升
开源代码的最大弱点可能就是源码大家都能研究。这个好像也是最大的优点。双刃剑
http://localhost/blog/wp-includes/registration-functions.php
页面出现
Fatal error: Call to undefined function _deprecated_file() in /Users/yuexiaosheng/WEB/php/blog/wp-includes/registration-functions.php on line 8
在出问题的php文件里
1.加@
@_deprecated_file( basename(__FILE__), '2.1', null, __( 'This file no longer needs to be included.' ) );
2.加访问控制
if(!defined('WP_USE_THEMES'))
{
exit('Access Denied By java-er.com');
}
其他能够暴路径的地址
http://localhost/blog/wp-content/plugins/akismet/akismet.php
http://localhost/blog/wp-content/plugins/hello.php
以下三个最新版本似乎已经修复。
http://localhost/blog/wp-content/themes/default/404.php
http://localhost/blog/wp-content/themes/default/index.php
http://localhost/blog/wp-content/themes/default/header.php
http://localhost/blog/wp-content/themes/default/footer.php
不过一旦知道博客所采用的模板,将default换成模板名字就出来了。
http://localhost/blog/wp-content/themes/模板/404.php
footer.php
没有什么好办法,只能发现的就来改改。
以上为
This entry was posted in PHP and tagged wordpress, 网络安全. Bookmark the permalink.
月小升QQ 2651044202, 技术交流QQ群 178491360
首发地址:月小升博客 – https://java-er.com/blog/wordpress-file-path/
无特殊说明,文章均为月小升原创,欢迎转载,转载请注明本文地址,谢谢