DB: 2022-04-23

2 changes to exploits/shellcodes

exploits/multiple/webapps/50542.txt

@@ -5,6 +5,7 @@
 # Vendor Homepage: https://softwell.com.br/
 # Version: 3.6.0.42
 # Tested on: Kali Linux 2021.3
+# CVE: CVE-2021-43650
 
 =-=-=-= Description =-=-=-=
 

exploits/php/webapps/50882.py

@@ -39,7 +39,15 @@ import re
 # The file we upload must have the following structure:
 # 1. It must be a ZIP file. You can name it as you want.
 # 2. It must contain a folder called "elementor-pro"
-# 3. This folder must contain a file named "elementor-pro.php"
+# 3. This folder must contain a file named "elementor-pro.php"# This file will be YOUR payload (e.g. PHP Reverse Shell or anything else)
+# 4. The payload must contain AT LEAST the plugin name, otherwise WordPress will NOT accept it and the upload will FAIL
+# e.g.
+# <?php
+# /**
+# * Plugin Name: Elementor Pro
+# */
+# // Actual PHP payload
+# ?>
 # This file will be YOUR payload (e.g. PHP Reverse Shell or anything else)
 #
 # WARNING: The fake plugin we upload will be activated by Elementor, this means that each time we visit any page we trigger our payload.