CVE-2020-12800 PoC — WordPress Drag and Drop Multi File Upload - Contact Form Code Issue Vulnerability

Associated Vulnerability
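Title: WordPress Drag and Drop Multi File Upload - Contact Form Code Issue Vulnerability (CVE-2020-12800)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. Drag and Drop Multi File Upload - Contact Form is a drag-and-drop file upload and contact form plugin used with it. A security vulnerability exists in WordPress Drag and Drop Multi File Upload - Contact Form 7 before version 1.3.3.3. An attacker can exploit this vulnerability by setting supported_type to php% to upload ph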
Description
POC Script for CVE-2020-12800: RCE through Unrestricted File Type Upload 
Readme
<!-- What doth life???
Wordpress core isn't bad, it's the plugins that cause issues...
blog.amartinsec.com / @amartinsec 
blah -->
# CVE-2020-12800
POC Script for CVE-2020-12800: RCE through Unrestricted File Type Upload 


Vulnerable plugin for testing hosted at:
https://mega.nz/file/aQUClQKC#ZYeiTYSrPuRnwwlRavy4cqf_EXs34Tkq6KQig2RcOas

[Pentester Academy lab](https://attackdefense.com/challengedetailsnoauth?cid=2195)
File Snapshot

[4.0K] /data/pocs/3b5c8e387562f1a8f25b84db0a4244db2b80e76e
├── [5.7K] exploit.py
└── [ 423] README.md

0 directories, 2 files