file:file_folder_manager.php
code:set_transient( 'wp_fm_lang', $_GET['lang'] , 60 60 720 );
file:lib\wpfilemanager.php
code:var fmlang = "";
poc:
request
GET /blog/wp-admin/admin.php?page=wp_file_manager&lang=zh_CN HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: wordpress_5aa6a4a225f40db86349342d0826a90c=admin%7C1535989327%7CKko2gM0P0FjhgEpNTIqRneg9Ky7aKaqWloRFGrsyw6q%7C71f1ed8075d5a34b82548bb0a92e6b6338ecf8fba0adc57da627d55f07693220; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_5aa6a4a225f40db86349342d0826a90c=admin%7C1535989327%7CKko2gM0P0FjhgEpNTIqRneg9Ky7aKaqWloRFGrsyw6q%7C5fbc26f57a4eaf15c60c5840d5fa14f296e3bb1c66e567358d761a3963d1bb82; wp-settings-1=deleted; wp-settings-time-1=1535770900; PHPSESSID=501108188d8569138517f08ba9741c92
Connection: close
Upgrade-Insecure-Requests: 1response
HTTP/1.1 200 OK
Date: Sat, 01 Sep 2018 15:55:34 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.2.17
X-Powered-By: PHP/5.2.17
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47316
.........
";
var vle_nonce = "863ad12aa7";
.........