WordPress Download Manager Remote Code Execution Vulnerability (Add WP Admin)

Wordpress Download Manager

    ___ ___               __
   |   Y   .-----.----.--|  .-----.----.-----.-----.-----.
   |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|
   |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|
   |:      |    ______      |__|              __                __
   |::.|:. |   |   _  \ .-----.--.--.--.-----|  .-----.---.-.--|  |
   `--- ---'   |.  |   \|  _  |  |  |  |     |  |  _  |  _  |  _  |
               |.  |    |_____|________|__|__|__|_____|___._|_____|
               |:  1    /   ___ ___
               |::.. . /   |   Y   .---.-.-----.---.-.-----.-----.----.
               `------'    |.      |  _  |     |  _  |  _  |  -__|   _|
                           |. \_/  |___._|__|__|___._|___  |_____|__|
                           |:  |   |                 |_____|
                           |::.|:. |
                           `--- ---'
                                                   WordPress Download Manager
                                                      R3m0t3 C0d3 Ex3cut10n
                                                         (Add WP Admin)
                                                          v2.7.0-2.7.4

                               Written by:

                             Claudio Viviani

                          http://www.homelab.it

                             info@homelab.it
                         homelabit@protonmail.ch

                   https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[+] Tryng to connect to: http://10.0.0.67/wordpress
[!] Account Added
[!] Location: http://10.0.0.67/wordpress/wp-login.php
[!] Username: r7Uo4v
[!] Password: YN1G1F

Google Dork WordPress Download Manager

index of "download-manager"

Download

Download:
         wp_download_manager_274_add_admin.py
         wp_download_manager_274_add_admin.py (Mega Mirror)

Exploit Usage

claudio@backbox3:~$ python wp_download_manager_274_add_admin.py -t http[s]://localhost[:PORT]
                    python wp_download_manager_274_add_admin.py -t http[s]://localhost[:PORT]/basedir