what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Austin Martin

WordPress Drag And Drop Multi File Uploader Remote Code Execution

Posted Jun 4, 2020

Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload

advisories | CVE-2020-12800

SHA-256 | d94c9f0362d25709f05afe545bc81aff8520f8eb38e83726bf24a2463da16a0a

Download | Favorite | View

WordPress Drag And Drop File Upload Contact Form 1.3.3.2 Shell Upload

Posted May 27, 2020

Authored by Austin Martin

WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell, file upload

SHA-256 | 36da7f722845fbc942179b4637fb9e3df8d66888734d49a9f4a425645863787a

Download | Favorite | View