Real Estate 7 v2.5.6 Authenticated Arbitrary File Upload exploit POC

by WpHutte.com

Notes:

You need to be logged in with any privilege level (subscriber, customer, etc.) on the target URL for this to work.

Settings:

Target URL:
* Note: /wp-admin/admin-ajax.php is appended automatically if needed


The Form

action : ct_front_img_upload

Select a file:



Iframe for POST result
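For site owners who cannot update the theme right away, the sketch below is an added example (not code from this page, its author, or the theme vendor) of a must-use plugin that validates every file sent to the `ct_front_img_upload` AJAX action before the theme's handler sees it. The `ct_guard_*` names, the file location, the image-only allowlist and the assumption that the theme registers its handler at the default hook priority are all illustrative assumptions.

```php
<?php
/**
 * Plugin Name: Guard ct_front_img_upload (added example, not theme or vendor code)
 * Assumed install location: wp-content/mu-plugins/ct-upload-guard.php
 */

// Assumption: this front-end uploader should only ever receive images.
const CT_GUARD_ALLOWED_MIMES = [
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'gif'      => 'image/gif',
];

// Assumption: the theme's handler sits on the standard wp_ajax_{action} hook at the
// default priority (10), so priority 0 runs this check first.
add_action('wp_ajax_ct_front_img_upload', 'ct_guard_front_img_upload', 0);
add_action('wp_ajax_nopriv_ct_front_img_upload', 'ct_guard_front_img_upload', 0);

function ct_guard_reject($reason) {
    error_log(sprintf('ct_front_img_upload blocked (user %d): %s', get_current_user_id(), $reason));
    wp_send_json_error(['message' => 'Upload rejected.'], 403); // sends JSON and exits
}

function ct_guard_front_img_upload() {
    if (!is_user_logged_in()) {
        ct_guard_reject('not logged in');
    }
    foreach ($_FILES as $field) {
        // One field may carry a single file or a list of files.
        $names = (array) $field['name'];
        $tmps  = (array) $field['tmp_name'];
        foreach ($names as $i => $name) {
            if (!is_string($name) || !isset($tmps[$i]) || !is_string($tmps[$i])) {
                ct_guard_reject('unexpected nested file field');
            }
            if ($name === '') {
                continue; // empty file input, nothing was uploaded
            }
            // Checks the extension against the allowlist and, for images,
            // the real content type of the temp file.
            $check = wp_check_filetype_and_ext($tmps[$i], $name, CT_GUARD_ALLOWED_MIMES);
            if (empty($check['ext']) || empty($check['type']) || !empty($check['proper_filename'])) {
                ct_guard_reject('disallowed type: ' . sanitize_file_name($name));
            }
        }
    }
    // Returning lets the theme's own handler process the validated upload.
}
```

Rejected attempts are written to the PHP error log with the user ID, which gives a simple signal to alert on while the theme remains unpatched.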


