New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upload non-encapsulated payload when zip installation fails #52

merged 1 commit into from Aug 4, 2018


None yet
3 participants
Copy link

viniciusmarangoni commented Jul 11, 2018

When playng the Stapler CTF (,150/) I realized that wpxf wouldn't able to get a reverse shell using the admin_shell_upload module. The module was able to upload the zip file in wp-content/uploads/ but wasn't able to extract it to wp-content/plugins/ because lack of permissions on this dir. I don't know if this is a common behaviour. I wrote a workaround that uploads directly the php payload file (without encapsulating it in a zip) and then accesses the payload in wp-content/uploads/PAYLOADNAME.php

I apologize for any mistake in my code. I'm not familiar with ruby.

@rastating rastating self-assigned this Aug 4, 2018

@rastating rastating merged commit 19e3493 into rastating:development Aug 4, 2018

1 check failed

continuous-integration/travis-ci/pr The Travis CI build failed

rastating added a commit that referenced this pull request Aug 4, 2018


This comment has been minimized.

Copy link

rastating commented Aug 4, 2018

Thanks for the contribution @viniciusmarangoni - I've just merged it into the development branch 🎉

This should be in the next minor release, which will probably be in a few weeks time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment