Home / os / winnt

WordPress Drag And Drop Multi File Uploader Remote Code Execution

Posted on 05 June 2020

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

 

TOP

Malware :

Exploits :