Journal of Information Security Research (信息安全研究) ›› 2019, Vol. 5 ›› Issue (4): 352-360.

• Technical Applications •

Research on WordPress 5.0.0 Remote Code Execution Vulnerability

Li Jinxin (李金鑫)

  1. Security Research Institute, Hangzhou Anheng Information Technology Co., Ltd. (杭州安恒信息技术股份有限公司安全研究院)
  • Received: 2019-04-08 Online: 2019-04-15 Published: 2019-04-08
  • Corresponding author: Li Jinxin
  • About the author: Li Jinxin, bachelor's degree; main research areas are Web security and mobile security (Android).

Abstract: With the rapid development of the Internet, the security problems of Web applications have become increasingly prominent. As open source software is widely used, its security is drawing more and more attention from security practitioners. There is no doubt that open source software occupies an irreplaceable position in current network applications, and its security issues affect a large number of applications in daily use. These security issues can cause immeasurable losses to both individuals and businesses, and the consequences are especially severe when the issues or vulnerabilities are exploited by attackers. From the perspective of Internet companies, solving these security problems is vital. Public vulnerability research helps security practitioners better understand the causes of vulnerabilities and the techniques used to exploit them, and helps companies and their users reduce the risk of potential losses. WordPress is an important part of open source software and contributes to a large number of Web applications. As a leading blog and content management system, it has always been a focus of attackers around the world. Some experienced attackers may use different exploitation methods to bypass existing protection policies that are based on techniques already published online. At the same time, these attackers are increasingly cautious in using such methods, to avoid exposing the new approaches. As a result, most enterprises cannot learn of these methods in real time and may be caught off guard when an attack comes. In this sense, discussing different exploitation methods is necessary. Therefore, building on published analyses of the WordPress 5.0.0 remote code execution vulnerability, this paper proposes a different exploitation approach for the last step, one that directly leads to arbitrary code execution and could be maliciously used by attackers. The purpose of the research is to give security practitioners detailed steps that help them understand the cause of the vulnerability and reproduce it in a different way, to strengthen their vulnerability detection capabilities, and to help enterprises discover and fix vulnerabilities efficiently.

Key words: vulnerability analysis, vulnerability research, high risk vulnerability, WordPress 5.0.0, remote code execution, WordPress RCE