CVE-2018-6398 patch

From Barak Tawily, 2 Months ago, written in Bash, viewed 184 times.
URL https://secploit.com/view/59b05e20 Embed
Download Paste or View Raw
  1. if [[ -f wp-login.php && -f wp-admin/load-scripts.php && -f wp-admin/includes/noop.php ]]
  2. then
  3.         sed -i "1 s/^.*$/<?php\ndefine('CONCATENATE_SCRIPTS', false);/" wp-login.php
  4.         sed -i -e "s/^require( ABSPATH . WPINC . '\/script-loader.php' );$/require( ABSPATH . 'wp-admin\/admin.php' );/g" wp-admin/load-scripts.php
  5.         sed -i -e "s/^require( ABSPATH . WPINC . '\/script-loader.php' );$/require( ABSPATH . 'wp-admin\/admin.php' );/g" wp-admin/load-styles.php
  6.         echo """<?php
  7. /**
  8. * Noop functions for load-scripts.php and load-styles.php.
  9. *
  10. * @package WordPress
  11. * @subpackage Administration
  12. * @since 4.4.0
  13. */
  14.  
  15. function get_file( \$path ) {
  16.        if ( function_exists('realpath') ) {
  17.                \$path = realpath( \$path );
  18.        }
  19.        if ( ! \$path || ! @is_file( \$path ) ) {
  20.                return '';
  21.        }
  22.        return @file_get_contents( \$path );    
  23. }""" > wp-admin/includes/noop.php
  24.   echo 'Successfuly patched.'
  25. else
  26.         echo 'Please run this file from WordPress root directory.'
  27. fi

Reply to "CVE-2018-6398 patch"

Here you can reply to the paste above