Update documentation

Chocapikk · Dec 12, 2024 · e06dd6d · e06dd6d
1 parent 9c8db05
commit e06dd6d
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/documentation/modules/exploit/multi/http/wp_time_capsule_file_upload_rce.md b/documentation/modules/exploit/multi/http/wp_time_capsule_file_upload_rce.md
@@ -9,8 +9,10 @@ To replicate a vulnerable environment for testing:
 2. Download and install the [WP Time Capsule plugin v1.22.21](https://downloads.wordpress.org/plugin/wp-time-capsule.1.22.21.zip).
 3. Verify that the plugin is activated and accessible on the local network.
 4. Register for a WP Time Capsule account and connect the plugin to an external storage system (e.g., Google Drive, Dropbox).
-5. Access `wp-admin/admin.php?page=wp-time-capsule-settings#wp-time-capsule-tab-advanced`
-to enable the vulnerable functionality by clicking **"Click here to show upload options"**.
+5. Access `wp-admin/admin.php?page=wp-time-capsule-settings#wp-time-capsule-tab-advanced` to enable the **file upload functionality**
+by clicking **"Click here to show upload options"**.
+This action triggers the `prepare_file_upload_index_file_wptc` function, which creates the required `index.php` file
+in the `/wp-tcapsule-bridge/upload/php/` directory, making the issue exploitable.
 
 ## Docker Compose Configuration