انجمن تیم امنیتی گارد ایران


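سلام خدمت همگی دوستان. تو این تاپیک می‌خوام آسیب‌پذیری‌های موجود توی توابع و فایل‌های php موجود در cms wordpress 4.2.1 رو بررسی کنیم. مواردی که در ادامه میاد به نظر می‌رسه خروجی خام یک ابزار تحلیل ایستای کد باشه که بر اساس نوع تابع حساس (sink) برچسب خورده؛ توی خیلی از این موارد (مثل require با مسیر ثابت، header با رشته‌ی ثابت یا die با پیام ثابت) ورودی کاربر در ردیابی دیده نمی‌شه، پس هر مورد قبل از اینکه آسیب‌پذیری حساب بشه باید دستی بررسی و تأیید بشه.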

دوستان لطفاً اسپم نکنید؛ سوالاتتونو پیام خصوصی کنین.


 بررسی آسیب پذیری ها در فایل wp-activate.php

 

Possible Flow Control

9: define define('WP_INSTALLING', true);

File Inclusion

12: require require (dirname(__FILE__) . '/wp-load.php');  // wp-load.php  

Possible Flow Control

22: define define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php  

File Inclusion

37: require_once require_once (ABSPATH . 'wp-config.php');  // wp-load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()requires:34: if(file_exists(ABSPATH . 'wp-config.php')) 

File Inclusion

42: require_once require_once (dirname(ABSPATH) . '/wp-config.php');  // wp-load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()requires:39: elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) 

Possible Flow Control

48: define define('WPINC', 'wp-includes');  // wp-load.phprequires:44: elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else  

File Inclusion

49: require_once require_once (ABSPATH . WPINC . '/load.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define()requires:44: elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else  

Cross-Site Scripting

23: die die ('GLOBALS overwrite attempt detected');  // load.phprequires:44: elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else 22: if(isset($_REQUEST['GLOBALS']))  

Code Execution

95: preg_replace $PHP_SELF = preg_replace('/(\?.*)?$/', '', $_SERVER['REQUEST_URI']);  // load.phprequires:94: if(empty($PHP_SELF))  

HTTP Response Splitting

116: header header('Content-Type: text/html; charset=utf-8');  // load.phprequires:114: if(version_compare($required_php_version, $php_version, '>'))  

Cross-Site Scripting

117: die die (sprintf(__('Your server is running PHP version %1$s but WordPress %2$s requires at least %3$s.'), $php_version, $wp_version, $required_php_version));  // load.php112: $php_version = phpversion();  // load.php111:  global $wp_version;  // load.php111:  global $required_php_version;  // load.phprequires:114: if(version_compare($required_php_version, $php_version, '>')) 

HTTP Response Splitting

122: header header('Content-Type: text/html; charset=utf-8');  // load.phprequires:120: if(!extension_loaded('mysql') && !extension_loaded('mysqli') && !file_exists(WP_CONTENT_DIR . '/db.php')) 

Cross-Site Scripting

123: die die (__('Your PHP installation appears to be missing the MySQL extension which is required by WordPress.'));  // load.phprequires:120: if(!extension_loaded('mysql') && !extension_loaded('mysqli') && !file_exists(WP_CONTENT_DIR . '/db.php'))  

HTTP Response Splitting

136: header header('Content-Type: image/vnd.microsoft.icon');  // load.phprequires:135: if('/favicon.ico' == $_SERVER['REQUEST_URI'])  

HTTP Response Splitting

137: header header('Content-Length: 0');  // load.phprequires:135: if('/favicon.ico' == $_SERVER['REQUEST_URI'])  

Cross-Site Scripting

138: exit exit ;  // load.phprequires:135: if('/favicon.ico' == $_SERVER['REQUEST_URI']) 

File Inclusion

164: include include (ABSPATH . '.maintenance');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()  

File Inclusion

170: require_once require_once (WP_CONTENT_DIR . '/maintenance.php');  // load.phprequires:169: if(file_exists(WP_CONTENT_DIR . '/maintenance.php'))

Cross-Site Scripting

171: die die ();  // load.phprequires:169: if(file_exists(WP_CONTENT_DIR . '/maintenance.php'))  

HTTP Response Splitting

P/1.1' != $protocol && 'HTTP/1.0' != $protocol),176: $protocol = $_SERVER['SERVER_PROTOCOL'];  // load.phprequires:158: ⇓ function wp_maintenance()  

HTTP Response Splitting

180: header header('Content-Type: text/html; charset=utf-8');  // load.php  

HTTP Response Splitting

181: header header('Retry-After: 600');  // load.php  

Cross-Site Scripting

184: echo echo ' dir="rtl"';  // load.phprequires:184: if(is_rtl()) 

Cross-Site Scripting

236: echo echo $r;  // load.php234: $r = number_format_i18n($timetotal, $precision) : number_format($timetotal, $precision);  // load.php233: $timetotal = $timeend - $timestart;  // load.php232: $timeend = microtime(true);  // load.php231:  global $timestart;  // load.php230: ⇓ function timer_stop($display = 0, $precision = 3)233: $timetotal = $timeend - $timestart;  // load.php232: $timeend = microtime(true);  // load.php231:  global $timestart;  // load.php230: ⇓ function timer_stop($display = 0, $precision = 3)requires:235: if($display)  

Possible Flow Control

275: ini_set ini_set('display_errors', 1);  // load.phprequires:271: if(WP_DEBUG)274: if(WP_DEBUG_DISPLAY)  

Possible Flow Control

277: ini_set ini_set('display_errors', 0);  // load.phprequires:271: if(WP_DEBUG)276: elseif(null !== WP_DEBUG_DISPLAY)

Possible Flow Control

280: ini_set ini_set('log_errors', 1); // load.php



requires:
271: if(WP_DEBUG)


279: if(WP_DEBUG_LOG)

Possible Flow Control

287: ini_set ini_set('display_errors', 0);  // load.phprequires:286: if(defined('XMLRPC_REQUEST'))  

Possible Flow Control

313: define define('WP_LANG_DIR', WP_CONTENT_DIR . '/languages');  // load.phprequires:304: if(!defined('WP_LANG_DIR'))305: if(file_exists(WP_CONTENT_DIR . '/languages') && is_dir(WP_CONTENT_DIR . '/languages') || !is_dir(ABSPATH . WPINC . '/languages'))

Possible Flow Control

316: define define('LANGDIR', 'wp-content/languages');  // load.phprequires:304: if(!defined('WP_LANG_DIR'))305: if(file_exists(WP_CONTENT_DIR . '/languages') && is_dir(WP_CONTENT_DIR . '/languages') || !is_dir(ABSPATH . WPINC . '/languages'))314: if(!defined('LANGDIR')) 

Possible Flow Control

326: define define('WP_LANG_DIR', ABSPATH . WPINC . '/languages');  // load.phprequires:304: if(!defined('WP_LANG_DIR'))318: if(file_exists(WP_CONTENT_DIR . '/languages') && is_dir(WP_CONTENT_DIR . '/languages') || !is_dir(ABSPATH . WPINC . '/languages')) else  

Possible Flow Control

329: define define('LANGDIR', WPINC . '/languages');  // load.phprequires:304: if(!defined('WP_LANG_DIR'))318: if(file_exists(WP_CONTENT_DIR . '/languages') && is_dir(WP_CONTENT_DIR . '/languages') || !is_dir(ABSPATH . WPINC . '/languages')) else 327: if(!defined('LANGDIR')) 

File Inclusion

345: require_once require_once (ABSPATH . WPINC . '/wp-db.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else , 

File Inclusion

347: require_once require_once (WP_CONTENT_DIR . '/db.php');  // load.phprequires:346: if(file_exists(WP_CONTENT_DIR . '/db.php'))  

File Inclusion

424: require_once require_once (WP_CONTENT_DIR . '/object-cache.php');  // load.phprequires:422: if(!function_exists('wp_cache_init'))423: if(file_exists(WP_CONTENT_DIR . '/object-cache.php'))  

File Inclusion

441: require_once require_once (ABSPATH . WPINC . '/cache.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,requires:440: if(!wp_using_ext_object_cache ())  

File Inclusion

477: require require (ABSPATH . WPINC . '/kses.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,requires:474: elseif(!is_blog_installed () && !defined('WP_INSTALLING'))  

File Inclusion

478: require require (ABSPATH . WPINC . '/pluggable.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,requires:474: elseif(!is_blog_installed () && !defined('WP_INSTALLING'))  

File Inclusion

479: require require (ABSPATH . WPINC . '/formatting.php');  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,requires:474: elseif(!is_blog_installed () && !defined('WP_INSTALLING'))  

Cross-Site Scripting

484: die die ();  // load.phprequires:474: elseif(!is_blog_installed () && !defined('WP_INSTALLING'))

File Disclosure

504: opendir $dh = opendir(WPMU_PLUGIN_DIR)){ // load.php

File Inclusion

771: require require ABSPATH . WPINC . '/version.php';  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

774: require_once require_once ABSPATH . WPINC . '/pomo/mo.php';  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

775: require_once require_once ABSPATH . WPINC . '/l10n.php';  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

776: require_once require_once ABSPATH . WPINC . '/locale.php';  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

779: require_once require_once ABSPATH . WPINC . '/plugin.php';  // load.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

54: require_once require_once (ABSPATH . WPINC . '/functions.php');  // functions.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Inclusion

8: require require (ABSPATH . WPINC . '/option.php');  // functions.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

Code Execution

110: $datefunc $datefunc('m', $i)) // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.phprequires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday))) 

Code Execution

112: $datefunc $datefunc('w', $i)) // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.phprequires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

114: $datefunc $datefunc('a', $i)) // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.phprequires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

115: $datefunc $datefunc('A', $i)) // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.phprequires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

117: preg_replace $dateformatstring = preg_replace("/([^\\\])D/", "\\1" . backslashit($dateweekday_abbrev), $dateformatstring);  // functions.php113: $dateweekday_abbrev = $wp_locale->get_weekday_abbrev($dateweekday);  // functions.php112: $dateweekday = $wp_locale->get_weekday($datefunc('w', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

Userinput reaches sensitive sink.118: preg_replace $dateformatstring = preg_replace("/([^\\\])F/", "\\1" . backslashit($datemonth), $dateformatstring);  // functions.php110: $datemonth = $wp_locale->get_month($datefunc('m', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

119: preg_replace $dateformatstring = preg_replace("/([^\\\])l/", "\\1" . backslashit($dateweekday), $dateformatstring);  // functions.php112: $dateweekday = $wp_locale->get_weekday($datefunc('w', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday))) 

Code Execution

120: preg_replace $dateformatstring = preg_replace("/([^\\\])M/", "\\1" . backslashit($datemonth_abbrev), $dateformatstring);  // functions.php111: $datemonth_abbrev = $wp_locale->get_month_abbrev($datemonth);  // functions.php110: $datemonth = $wp_locale->get_month($datefunc('m', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

121: preg_replace $dateformatstring = preg_replace("/([^\\\])a/", "\\1" . backslashit($datemeridiem), $dateformatstring);  // functions.php114: $datemeridiem = $wp_locale->get_meridiem($datefunc('a', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

122: preg_replace $dateformatstring = preg_replace("/([^\\\])A/", "\\1" . backslashit($datemeridiem_capital), $dateformatstring);  // functions.php115: $datemeridiem_capital = $wp_locale->get_meridiem($datefunc('A', $i));  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php95: $i = time();  // functions.phpif(false === $i), if(!$gmt) else ,93: $i = current_time ('timestamp');  // functions.phpif(false === $i), if(!$gmt),requires:109: if((!empty($wp_locale->month)) && (!empty($wp_locale->weekday)))  

Code Execution

137: preg_replace $dateformatstring = preg_replace("/([^\\\])$timezone_format/", "\\1" . backslashit($formatted), $dateformatstring);  // functions.php133: foreach($timezone_formats as $timezone_format) // functions.php126: $timezone_formats[5] = 'e' // functions.php array()126: $timezone_formats[4] = 'Z' // functions.php array()126: $timezone_formats[3] = 'T' // functions.php array()126: $timezone_formats[2] = 'O' // functions.php array()126: $timezone_formats[1] = 'I' // functions.php array()126: $timezone_formats = 'P' // functions.php array()135: $formatted = date_format($date_object, $timezone_format);  // functions.php132: $date_object = date_create(null, $timezone_object);  // functions.php131: $timezone_object = timezone_open($timezone_string);  // functions.php129: $timezone_string = get_option('timezone_string');  // functions.php133: foreach($timezone_formats as $timezone_format) // functions.php126: $timezone_formats[5] = 'e' // functions.php array()126: $timezone_formats[4] = 'Z' // functions.php array()126: $timezone_formats[3] = 'T' // functions.php array()126: $timezone_formats[2] = 'O' // functions.php array()126: $timezone_formats[1] = 'I' // functions.php array()126: $timezone_formats = 'P' // functions.php array()requires:128: if(preg_match("/$timezone_formats_re/", $dateformatstring))130: if($timezone_string)134: if(false !== strpos($dateformatstring, $timezone_format))  

Code Execution

143: $datefunc $datefunc($dateformatstring, $i);  // functions.php107: $datefunc = 'gmdate' : 'date';  // functions.php

Unserialize

270: unserialize unserialize($original);  // functions.php268: ⇓ function maybe_unserialize($original)requires:269: if(is_serialized ($original))  

Code Execution

447: preg_replace $content = preg_replace('/<title>(.+?)<\/title>/si', '', $content);  // functions.php  

Code Execution

448: preg_replace $content = preg_replace('/<category>(.+?)<\/category>/si', '', $content);  // functions.php  

Code Execution

479: array_map $post_links = array_unique(array_map('html_entity_decode', $post_links[2]));  // functions.php  

File Inclusion

502: include_once include_once (ABSPATH . WPINC . '/class-IXR.php');  // functions.php22: define('ABSPATH', dirname(__FILE__) . '/');  // wp-load.php define()48: define('WPINC', 'wp-includes');  // wp-load.php define() elseif(file_exists(dirname(ABSPATH) . '/wp-config.php') && !file_exists(dirname(ABSPATH) . '/wp-settings.php')) else ,  

File Manipulation

610: fwrite fwrite($out_fp, wp_remote_retrieve_body($response));  // functions.php606: $out_fp = fopen($file_path, 'w');  // functions.php575: ⇓ function wp_get_http($url, $file_path = false, $red = 1)589: $response = wp_safe_remote_request($url, $options);  // functions.php575: ⇓ function wp_get_http($url, $file_path = false, $red = 1)587: $options['method'] = 'GET';  // functions.phpif(false == $file_path) else  

Code Execution

798: preg_replace $ret = preg_replace('#=(&|$)#', '$1', $ret);  // functions.php  

HTTP Response Splitting

1000: header header($status_header, true, $code);  // functions.php998: $status_header = apply_filters('status_header', $status_header, $code, $description, $protocol);  // functions.phpif(function_exists('apply_filters')),985: $status_header = "$protocol $code $description";  // functions.php984: $protocol = 'HTTP/1.0';  // functions.phpif('HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol),982: $protocol = $_SERVER['SERVER_PROTOCOL'];  // functions.php976: ⇓ function status_header($code)977: $description = get_status_header_desc ($code);  // functions.php976: ⇓ function status_header($code)976: ⇓ function status_header($code)977: $description = get_status_header_desc ($code);  // functions.php976: ⇓ function status_header($code)984: $protocol = 'HTTP/1.0';  // functions.phpif('HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol),requires:976: ⇓ function status_header($code)  

vulnerability in function status_header()

2456: ⇑ status_header ($r['response']);  // functions.php2423: $r = wp_parse_args($args, $defaults);  // functions.php2421: ⇓ function _default_wp_die_handler($message, $title = '', $args = array())2422: $defaults['response'] = 500 // functions.php array()requires:2454: if(!did_action('admin_head')) : 2455: if(!headers_sent())  

vulnerability in function status_header()

3319: ⇑ status_header (500);  // functions.php  

HTTP Response Splitting

1073: header header("{$name}: {$field_value}");  // functions.php1072: foreach($headers as $name=>$field_value) // functions.php1066: $headers['Last-Modified'] = '';  // functions.phpif(function_exists('header_remove')) else , if(0 === stripos($header, 'Last-Modified')),1054: $headers = wp_get_nocache_headers ();  // functions.php1072: foreach($headers as $name=>$field_value) // functions.php1066: $headers['Last-Modified'] = '';  // functions.phpif(function_exists('header_remove')) else , if(0 === stripos($header, 'Last-Modified')),1054: $headers = wp_get_nocache_headers ();  // functions.php  

HTTP Response Splitting

1084: header header("Content-Type: text/javascript; charset=" . get_bloginfo('charset'));  // functions.php  

HTTP Response Splitting

1085: header header("Vary: Accept-Encoding");  // functions.php  

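HTTP Response Splitting — میزان خطر بالا. (در ردیابی خط بعد فقط gmdate()، time() و مقدار ثابت $expiresOffset دیده می‌شه و ورودی کاربر توش نیست؛ این مورد باید دستی تأیید بشه.)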

1086: header header("Expires: " . gmdate("D, d M Y H:i:s", time() + $expiresOffset) . " GMT");  // functions.php1082: $expiresOffset = 10 * DAY_IN_SECONDS;  // functions.php  

Code Execution

1135: preg_replace $feed = preg_replace('/^_+/', '', $feed);  // functions.php  

HTTP Response Splitting

1219: header header('Content-Type: text/plain; charset=utf-8');  // functions.php  

Cross-Site Scripting

1246: echo echo apply_filters('robots_txt', $output, $public);  // functions.php1235: $output .= "Disallow: $path/wp-admin/\n";  // functions.phpif('0' == $public) else ,1231: $output .= "Disallow: /\n";  // functions.phpif('0' == $public),1228: $output = "User-agent: *\n";  // functions.php1234: $path = $site_url['path'] : '';  // functions.phpif('0' == $public) else ,1233: $site_url = parse_url(site_url());  // functions.phpif('0' == $public) else ,1231: $output .= "Disallow: /\n";  // functions.phpif('0' == $public),1228: $output = "User-agent: *\n";  // functions.php1229: $public = get_option('blog_public');  // functions.php  

Cross-Site Scripting

1378: echo echo $nonce_field;  // functions.php1375: $nonce_field .= wp_referer_field(false);  // functions.phpif($referer),1372: $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';  // functions.php1371: $name = esc_attr($name);  // functions.php1370: ⇓ function wp_nonce_field($action =  - 1, $name = "_wpnonce", $referer = true, $echo = true)1371: $name = esc_attr($name);  // functions.php1370: ⇓ function wp_nonce_field($action =  - 1, $name = "_wpnonce", $referer = true, $echo = true)requires:1377: if($echo)  

Cross-Site Scripting

1398: echo echo $referer_field;  // functions.php1395: $referer_field = '<input type="hidden" name="_wp_http_referer" value="' . esc_attr(wp_unslash($_SERVER['REQUEST_URI'])) . '" />';  // functions.phprequires:1397: if($echo)1394: ⇓ function wp_referer_field($echo = true)  

Cross-Site Scripting

1422: echo echo $orig_referer_field;  // functions.php1420: $orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr($ref) . '" />';  // functions.php1418: $ref = wp_get_referer() : wp_unslash($_SERVER['REQUEST_URI']);  // functions.phpif(!$ref = wp_get_original_referer()),requires:1421: if($echo)1416: ⇓ function wp_original_referer_field($echo = true, $jump_back_to = 'current')  

File Manipulation

1521: chmod chmod($target_parent . '/' . implode('/', array_slice($folder_parts, 0, $i)), $dir_perms);  // functions.php1502: $target_parent = dirname($target_parent);  // functions.php1500: $target_parent = dirname($target);  // functions.php1494: $target = '/';  // functions.phpif(empty($target)),1492: $target = rtrim($target, '/');  // functions.php1485: $target = $wrapper . '://' . $target;  // functions.phpif($wrapper !== null),1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),1472: ⇓ function wp_mkdir_p($target)1481: $target = str_replace('//', '/', $target);  // functions.php1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),1519: $folder_parts = explode('/', substr($target, strlen($target_parent) + 1));  // functions.php1494: $target = '/';  // functions.phpif(empty($target)),1492: $target = rtrim($target, '/');  // functions.php1485: $target = $wrapper . '://' . $target;  // functions.phpif($wrapper !== null),1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),1472: ⇓ function wp_mkdir_p($target)1481: $target = str_replace('//', '/', $target);  // functions.php1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),1502: $target_parent = dirname($target_parent);  // functions.php1500: $target_parent = dirname($target);  // functions.php1494: $target = '/';  // functions.phpif(empty($target)),1520: for($i = *, $c = count($folder_parts); $i <= $c; $i++) // functions.php1519: $folder_parts = explode('/', substr($target, strlen($target_parent) + 1));  // functions.php1494: $target = '/';  // functions.phpif(empty($target)),1492: $target = rtrim($target, '/');  // functions.php1485: $target = $wrapper . '://' . 
$target;  // functions.phpif($wrapper !== null),1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),1472: ⇓ function wp_mkdir_p($target)1481: $target = str_replace('//', '/', $target);  // functions.php1477: list($wrapper, $target) = explode('://', $target, 2);  // functions.php list() if(wp_is_stream($target)),requires:1512: if(mkdir($target, $dir_perms, true))1518: if($dir_perms != ($dir_perms&~umask()))  

Userinput is passed through function parameters.

1966: ⇑ wp_mkdir_p (dirname($new_file))) // functions.php1965: $new_file = $upload['path'] . "/$filename";  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1963: $filename = wp_unique_filename ($upload['path'], $name);  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)  

Code Execution

1592: preg_replace $path = preg_replace('|/+|', '/', $path);  // functions.php  

File Manipulation

1686: unlink unlink($path);  // functions.php1672: ⇓ function win_is_writable($path)requires:1685: if($should_delete_tmp_file)  

Code Execution

1878: call_user_func $filename = call_user_func($unique_filename_callback, $dir, $name, $ext);  // functions.php1860: ⇓ function wp_unique_filename($dir, $filename, $unique_filename_callback = null)requires:1877: if($unique_filename_callback && is_callable($unique_filename_callback)) 

Code Execution
high

1885: preg_replace $filename2 = preg_replace('|' . preg_quote($ext) . '$|', $ext2, $filename);  // functions.php1866: $ext = !'.' . $info['extension'] : '';  // functions.php1865: $info = pathinfo($filename);  // functions.php1862: $filename = sanitize_file_name($filename);  // functions.php1860: ⇓ function wp_unique_filename($dir, $filename, $unique_filename_callback = null)1884: $ext2 = strtolower($ext);  // functions.php1866: $ext = !'.' . $info['extension'] : '';  // functions.php1865: $info = pathinfo($filename);  // functions.php1862: $filename = sanitize_file_name($filename);  // functions.php1860: ⇓ function wp_unique_filename($dir, $filename, $unique_filename_callback = null)requires:1879: if($unique_filename_callback && is_callable($unique_filename_callback)) else 1883: if($ext && strtolower($ext) != $ext)  

Userinput is passed through function parameters.

1963: ⇑ $filename = wp_unique_filename ($upload['path'], $name);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)  

File Manipulation

1980: fwrite fwrite($ifp, $bits);  // functions.php1976: $ifp = fopen($new_file, 'wb');  // functions.php1965: $new_file = $upload['path'] . "/$filename";  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1963: $filename = wp_unique_filename ($upload['path'], $name);  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null) 

File Manipulation

1988: chmod chmod($new_file, $perms);  // functions.php1965: $new_file = $upload['path'] . "/$filename";  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1963: $filename = wp_unique_filename ($upload['path'], $name);  // functions.php1942: $upload = wp_upload_dir ($time);  // functions.php1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)1931: ⇓ function wp_upload_bits($name, $deprecated, $bits, $time = null)  

Code Execution

2405: call_user_func call_user_func($function, $message, $title, $args);  // functions.php2402: $function = apply_filters('wp_die_handler', '_default_wp_die_handler');  // functions.phpelseif(defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) else ,2393: $function = apply_filters('wp_die_xmlrpc_handler', '_xmlrpc_wp_die_handler');  // functions.phpelseif(defined('XMLRPC_REQUEST') && XMLRPC_REQUEST),2384: $function = apply_filters('wp_die_ajax_handler', '_ajax_wp_die_handler');  // functions.phpif(defined('DOING_AJAX') && DOING_AJAX),  

HTTP Response Splitting

2458: header header('Content-Type: text/html; charset=utf-8');  // functions.phprequires:2454: if(!did_action('admin_head')) : 2455: if(!headers_sent()) 

Cross-Site Scripting

2473: echo echo "dir='$text_direction'";  // functions.php2468: $text_direction = 'rtl';  // functions.phpelseif(function_exists('is_rtl') && is_rtl()),2466: $text_direction = 'rtl';  // functions.phpif(isset($r) && 'rtl' == $r),2464: $text_direction = 'ltr';  // functions.phprequires:2454: if(!did_action('admin_head')) : 2473: if(function_exists('language_attributes') && function_exists('is_rtl')) else

Cross-Site Scripting

2476: echo echo $title;  // functions.php2462: $title = __('WordPress › Error') : 'WordPress › Error';  // functions.phpif(empty($title)),2431: $title = $error_data['title'];  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), if(empty($title)), if(is_array($error_data) && isset($error_data)),2429: $error_data = $message->get_error_data();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), if(empty($title)),requires:2454: if(!did_action('admin_head')) :  

Cross-Site Scripting

2580: echo echo $message;  // functions.php2451: $message .= "\n<p><a href='javascript:history.back()'>$back_text</a></p>";  // functions.phpif(isset($r) && $r),2446: $message = "<p>$message</p>";  // functions.phpelseif(is_string($message)),2442: $message = "<ul>\n\t\t<li>" . join("</li>\n\t\t<li>", $errors) . "</li>\n\t</ul>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)),2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2439: $message = "<p>{$errors[0]}}</p>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 1 : ,2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2436: $message = '';  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 0 : ,2442: $message = "<ul>\n\t\t<li>" . join("</li>\n\t\t<li>", $errors) . "</li>\n\t</ul>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)),2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2439: $message = "<p>{$errors[0]}}</p>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 1 : ,2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2436: $message = '';  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 0 : ,2450: $back_text = __('« Back') : '« Back';  // functions.phpif(isset($r) && $r),2446: $message = "<p>$message</p>";  // functions.phpelseif(is_string($message)),2442: $message = "<ul>\n\t\t<li>" . join("</li>\n\t\t<li>", $errors) . 
"</li>\n\t</ul>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)),2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2439: $message = "<p>{$errors[0]}}</p>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 1 : ,2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2436: $message = '';  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 0 : ,2442: $message = "<ul>\n\t\t<li>" . join("</li>\n\t\t<li>", $errors) . "</li>\n\t</ul>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)),2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2439: $message = "<p>{$errors[0]}}</p>";  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 1 : ,2433: $errors = $message->get_error_messages();  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)),2436: $message = '';  // functions.phpif(function_exists('is_wp_error') && is_wp_error($message)), switch(count($errors)), case 0 : ,  

Cross-Site Scripting

2624: die die ((string)$message);  // functions.php2622: ⇓ function _ajax_wp_die_handler($message = '')requires:2623: if(is_scalar($message))

Cross-Site Scripting

2640: die die ((string)$message);  // functions.php2638: ⇓ function _scalar_wp_die_handler($message = '')requires:2639: if(is_scalar($message))  

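Code Execution

Note: in this finding and in the one at line 2684 below, the callback passed to call_user_func_array is the fixed string 'json_encode'; only $args varies. The scanner is matching on the sink name. This would be code execution only if the callable itself were attacker-controlled, which these lines do not show.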

2669: call_user_func_array $json = call_user_func_array('json_encode', $args);  // functions.php 

Code Execution

2684: call_user_func_array call_user_func_array('json_encode', $args);  // functions.php 

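HTTP Response Splitting

Note: the value appended to the header here is get_option('blog_charset'), not a request parameter. Whether it can be influenced depends on who can write that option, which this line does not show. PHP's header() has also refused to send more than one header per call since 5.1.2, so confirm the PHP version in use before treating this as a real finding.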

2789: header header('Content-Type: application/json; charset=' . get_option('blog_charset'));  // functions.php  

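Cross-Site Scripting

Note: the echoed value is the output of wp_json_encode() and is sent immediately after the Content-Type: application/json header on line 2789. To confirm this as XSS, check whether the same response is ever embedded in an HTML page or served with a different content type.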

2790: echo echo wp_json_encode ($response);  // functions.php2788: ⇓ function wp_send_json($response)  

Userinput is passed through function parameters.

2810: ⇑ wp_send_json ($response);  // functions.php2808: $response['data'] = $data;  // functions.phpif(isset($data)),2804: ⇓ function wp_send_json_success($data = null)  

Userinput is passed through function parameters.

2845: ⇑ wp_send_json ($response);  // functions.php2841: $response['data'] = $data;  // functions.phpif(isset($data)), if(is_wp_error($data)) else ,2827: ⇓ function wp_send_json_error($data = null)  