2020
06.05

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload – Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

No Comment.

Add Your Comment

You must be logged in to post a comment.