Posted on 3 Comments

Hack WordPress With Ajax LoadMore exploit

Hello aspiring hackers. In this howto, we will see how to hack wordpress with Ajax Loadmore exploit. n our previous howto, we have seen how to use Joomla com_contenthistory Error-Based SQL Injection exploit. Today we will see how to exploit the WordPress Ajax Loadmore PHP upload vulnerability using Metasploit.

This module exploits an arbitrary file upload in the WordPress Ajax Load More plugin version 2.8.1.1. I have tested this exploit on the above said plugin in WordPress version 4.1.3 on Windows.  The only offside is this exploit requires credentials. Start Metasploit and load the exploit as shown below.

hack wordpress

Set payload as below.

Type command “show options” to see the required options for this exploit.

hack wordpress

Set the required options as shown below. Set the remote IP address, targeturi, password and username as shown below.

After setting all the options, check whether once again as shown below.

Type command “exploit” and we will get the meterpreter session as shown below.

That’s how we hack wordpress with ajax loadmore exploit. Want to learn how Black hat hackers hack? Subscribe to our Digital Magazine Now.

Follow Us

3 thoughts on “Hack WordPress With Ajax LoadMore exploit

  1. […] on another popular CMS WordPress. This howto is a pre-prequel to one of my articles on how to hack wordpress right here. This howto will have two other sequels and watch out for some easter eggs in this howto. ( Mind my […]

  2. […] are unauthenticated, sometimes we require credentials to exploit a vulnerability like the WordPress ajax loadmore Php upload exploit we saw in one of  previous howtos. But how do we get these credentials. Metasploit has an auxiliary […]

  3. […] are unauthenticated, sometimes we require credentials to exploit a vulnerability like the WordPress ajax loadmore Php upload exploit we saw in one of  previous howtos. But how do we get these credentials. Metasploit has an auxiliary […]

Comments are closed.