Good Evening Friends. In our previous howto, we saw how to use the Joomla com_contenthistory Error-Based SQL Injection exploit. Today we will see how to exploit the WordPress Ajax Load More PHP upload vulnerability using Metasploit. This module exploits an arbitrary file upload in the WordPress Ajax Load More plugin version 220.127.116.11. I have tested this exploit on the above-mentioned plugin in WordPress version 4.1.3 on Windows. The only downside is that this exploit requires credentials. Start Metasploit and load the exploit as shown below.
Set the payload as shown below.
Type the command “show options” to see the required options for this exploit.
Set the required options (the remote IP address, targeturi, password and username) as shown below.
After setting all the options, check them once again as shown below.
Type the command “exploit” and we will get a meterpreter session as shown below.