Hello aspiring hackers. In this howto we will learn about WordPress Mobile Detector Plugin upload and execute module .WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. It is very popular not only for the ease with which a website can be set up using it, but also how simply multiple plugins and themes can be added in it to give extended functionality without much hassle. But these plugins can pose a high security risk if not properly coded.
One such plugin is WordPress Mobile Detector. This plugin is used to display content on WordPress sites in a format suitable for phones and tablet devices. This plugin is used mostly by business users. Version 3.5 of this plugin is affected with file upload vulnerability. A hacker can upload malicious arbitrary files and execute them.
Let us see how this module works. Load the module and check the options it requires as shown below.
The options this module requires are the remote host address (target address), the targeturi and the local host address (IP address of Kali Linux). The only thing that can go wrong in setting options is that of targeturi, the location where WordPress is installed. If you set it wrong, this module may not work. Check if the target is indeed running the vulnerable version of the plugin using the “check” command.
Execute the modue using the “run” command. If everything went well, you should get a meterpreter shell on the target machine as shown below. You can see in the image below as to how this exploit works. This vulnerability is an arbitrary file upload vulnerability which allows hackers to upload any file into the target web server So this module first creates a malicious file, hosts it on a web server and uploads it into the target web server using this vulnerability.
We will be back with a new exploit next time. Until then, Goodbye.