CVE-2019-17671:如何查看WordPress未授权文章

来源:岁月联盟 编辑:猪蛋儿 时间:2020-01-29
                    if ( ! is_user_logged_in() ) {
                        // User must be logged in to view unpublished posts.
                        $this->posts = array();
                        //var_dump("PoC: No posts

 ");
                    } else {
                        if ( $post_status_obj->protected ) {
                            // User must have edit permissions on the draft to preview.
                            if ( ! current_user_can( $edit_cap, $this->posts[0]->ID ) ) {
                                $this->posts = array();
                            } else {
                                $this->is_preview = true;
                                if ( 'future' != $status ) {
                                    $this->posts[0]->post_date = current_time( 'mysql' );
                                }
                            }
                        } elseif ( $post_status_obj->private ) {
                            if ( ! current_user_can( $read_cap, $this->posts[0]->ID ) ) {
                                $this->posts = array();
                            }
                        } else {
                            $this->posts = array();
                        }
                    }
                }
除了static=1之外,我们并没有设置其他特定的查询参数,我们在$this->posts = $wpdb->get_results($this->request);语句之前插入var_dump($this->request);,输出的结果如下:
string(112) "SELECT   wp_posts.* FROM wp_posts  WHERE 1=1  AND wp_posts.post_type = 'page'  ORDER BY wp_posts.post_date DESC "

上一页  [1] [2] [3] [4]  下一页