E1A / CVE-2023-4596

PoC Script for CVE-2023-4596, unauthenticated Remote Command Execution through arbitrary file uploads.

Server returned an unexpected response #5

Open N00BIER opened 11 months ago

N00BIER commented 11 months ago

Noticed that the following line seemed to be redundant: `url = new_domain + "/wp-admin/admin-ajax.php"`. In the original PoC the POST request was made to `/wp-admin/admin-ajax.php HTTP/1.1`.

Change `full_url` to `url` in `requests.post` in case you get any server error response...

```python
import sys

import requests

# full_url, headers and data are built earlier in the script (not shown here).
try:
    response = requests.post(full_url, headers=headers, data=data, timeout=10)
    if response.status_code == 200:
        print("[+] Successful file upload!\n")
    else:
        print("[-] Server returned an unexpected response:", response.status_code)
        sys.exit(1)
except requests.RequestException as err:
    # Connection errors and timeouts are reported instead of raising a traceback.
    print("[-] Request failed:", err)
    sys.exit(1)
```

E1A commented 11 months ago

Hi, if I'm understanding you correctly, you are saying that the `full_url` variable should be changed to `url` on line 311. The file upload is sent to the provided page where file upload is enabled; if it is sent to the base URL it won't get uploaded. Or am I not understanding it completely?

N00BIER commented 11 months ago

Hi there! Let me clarify.

  1. `url = new_domain + "/wp-admin/admin-ajax.php"`
  2. `full_url = args.u` ---> this is the URL of the postdata/upload page provided as a CLI argument.

First, I used your script as is but consistently received a 404 error from the server. Then I checked the original PoC and noticed that his POST request is sent to `url` (1). So, I changed `full_url` -> `url` in `requests.post(full_url, headers=headers, data=data, timeout=10)` and it worked. I guess the reason is that in WP all user requests are handled by admin-ajax.php.

Anyway, thanks for your effort. Well done.