Clik here to view.
Hack Web Server using WordPress Work the Flow Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Work the Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution Exploit Targets...
View ArticleClik here to view.
Exploit Web Server using WordPress Photo Gallery Unrestricted File Upload
Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to...
View ArticleClik here to view.
Exploit Web Server using WordPress WPTouch Authenticated File Upload
The WordPress WPTouch plugin contains authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used on handling ajax file uploads...
View ArticleClik here to view.
Exploit Web Server using WordPress InfusionSoft Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code...
View ArticleClik here to view.
Hack Web Server using WordPress WP EasyCart Unrestricted File Upload
WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the...
View ArticleClik here to view.
Hack Web Server using Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it’s possible to truncate the...
View ArticleClik here to view.
Hack Web Server using PHP Utility Belt Remote Code Execution
This module exploits remote code execution vulnerability in PHP Utility Belt, which is a set of tools for PHP developers and should not be installed in a production environment, since this application...
View ArticleClik here to view.
Hack Web Server using ATutor 2.2.1 SQL Injection / Remote Code Execution
This module exploits SQL Injection vulnerability and authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator’s...
View ArticleClik here to view.
Hack Remote Server using WordPress Plugin Foxypress uploadify.php Arbitrary...
This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via...
View ArticleClik here to view.
Hack Drupal Website Server using Drupal HTTP Parameter Key/Value SQL Injection
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and...
View ArticleClik here to view.
Hack WordPress Server using WordPress SlideShow Gallery Authenticated File...
The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. An attacker can upload arbitrary files to the upload folder. Since the plugin uses its own file upload...
View ArticleClik here to view.
Hacking WordPress using Ninja Forms Unauthenticated File Upload
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web...
View ArticleClik here to view.
Penetration Testing in WordPress Website using WordPress Exploit Framework
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems first clone WPXF repository from github, to do so type:...
View ArticleClik here to view.
Exploiting OS Command Injection in Web Application using Commix
Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos that can be used from web developers, penetration testers or even security researchers in...
View ArticleClik here to view.
Exploit Remote Server using Tiki-Wiki CMS Calendar Command Execution
Tiki-Wiki CMS’s calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are...
View ArticleClik here to view.
Hack Web Server using Tiki Wiki Unauthenticated File Upload Vulnerability
This module exploits a file upload vulnerability in Tiki Wiki <= 15.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The...
View ArticleClik here to view.
Hack Drupal Website using Drupal RESTWS Module Remote PHP Code Execution
This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the...
View ArticleClik here to view.
Brute Force Website Login Page using Burpsuite (Beginner Guide)
In this article we will learn to prosecute dictionary attack from BurpSuite. And we will try and crack the password of DVWA Lab. Burp Suite: Burp Suite is an integrated platform for performing security...
View ArticleClik here to view.
Command Injection Exploitation in DVWA using Metasploit (Bypass All Security)
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application...
View ArticleClik here to view.
Exploiting Joomla Website using Account Creation and Privilege Escalation
In this article we will learn about hacking Joomla CMS. And to so we will be a pre-instaled module of metasploit which will further help us to create an autocratic account with administrative...
View Article