## https://sploitus.com/exploit?id=5E319FE2-615B-50A1-90EE-729175DE8F20
# CVE-2015-9331 POC
## Vulnerability Description
CVE-2015-9331 is an arbitrary file upload vulnerability in the WordPress plugin WP All Import. This vulnerability allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to remote code execution.
## Impact Scope
- **Plugin Name**: WP All Import
- **Affected Versions**: <= 3.2.3
- **Vulnerability Type**: Arbitrary file upload / Remote code execution
- **CVE Number**: CVE-2015-9331
## File Description
- `poc.py` – Python vulnerability exploitation script
- `shell.php` – PHP webshell for demonstration purposes
## How to Use
### Environment Requirements
```bash
pip install requests
```
### Running the POC
```bash
python poc.py
```
After running, enter the target URL (e.g., `http://example.com`) as prompted. The script will automatically upload a webshell and return the accessible address.
### Working Mechanism
1. The script uploads a malicious PHP file via the `/wp-admin/admin-ajax.php` endpoint.
2. It utilizes the timestamp and MD5 to determine the path of the uploaded directory.
3. It returns an accessible webshell address.
## Disclaimer
⚠️ **Warning**: This tool is intended only for security research and authorized penetration testing. Using this tool for attacks without authorization is illegal.
- Users must be responsible for their actions.
- The author does not assume responsibility for any misuse of this tool.
- Ensure that you obtain explicit written permission before using it.
## Recommendations for Fixing
- Upgrade the WP All Import plugin to the latest version.
- Implement strict file upload validation.
- Restrict access to `admin-ajax.php`.
- Use a Web Application Firewall (WAF).
## Reference Links
- [Details of CVE-2015-9331](https://vulners.com/cve/CVE-2015-9331)
- [NVD Database](https://nvd.nist.gov/vuln/detail/CVE-2015-9331)
## License
This project is licensed for educational and research purposes only.
**Note**: Please use this tool responsibly and only test in authorized environments.
[source-iocs-preserved url=http://example.com`),脚本将自动上传]