wordpress exploits framework - wpxf v1.4.

wordpress exploits framework – wpxf v1.4.

Changelog wordpress exploit framework v1.4 23/1/2017:
Bug Fixes:
+ Fix invalid yardoc

Core Changes:
+ Add a new method to the FileDownload mixin which allows for the validation of file contents
+ Change modules which accept a local file path as an option value to properly expand the path and allow the use of tilde as a shortcut to the home directory

New Modules:
+ Add MailChimp for WordPress reflected XSS shell upload
+ Add Delete All Comments shell upload
+ Add Check Email < 0.5 reflected XSS shell upload
+ Add WordPress 4.7 user information disclosure
+ Add Instagram Feed <= 1.4.6.2 CSRF stored XSS shell upload
+ Add WP Whois Domain reflected XSS shell upload
+ Add WP Vault file download
+ Add Social Pug <= 1.2.5 reflected XSS shell upload
+ Add Content Grabber reflected XSS shell upload
+ Add Quiz and Survey Master <= 4.7.8 reflected XSS shell upload
+ Add Direct Download for WooCommerce <= 1.15 file download
+ Add Brafton Content Importer < 3.4.7 reflected XSS shell upload
+ Add Podlove Podcast Publisher <= 2.3.15 reflected XSS shell upload
+ Add WangGuard <= 1.7.2 reflected XSS shell upload

Dependencies:
+ Update Nokogiri to 1.7.0
+ Update Slop to 4.4.1
+ Update Require All to 1.4
+ Update Typhoeus to 1.1.2

wpxf v1.4

wordpress-exploit-framework

wordpress-exploit-framework

wordpress-exploit-framework is A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.

wordpress exploit framework

wordpress exploit framework

payloads are available?
+ bind_php: uploads a script that will bind to a specific port and allow WPXF to establish a remote shell.
+ custom: uploads and executes a custom PHP script.
+ download_exec: downloads and runs a remote executable file.
+ exec: runs a shell command on the remote server and returns the output to the WPXF session.
+ reverse_tcp: uploads a script that will establish a reverse TCP shell.

difference between auxiliary and exploit modules?
+ Auxiliary modules do not allow you to run payloads on the target machine, but instead allow you to extract information from the target, escalate privileges or provide denial of service functionality.

+ Exploit modules require you to specify a payload which subsequently gets executed on the target machine, allowing you to run arbitrary code to extract information from the machine, establish a remote shell or anything else that you want to do within the context of the web server.

Usage

Source : http://www.getwpxf.com/ | Our Post Before | Download: v1.4.zip | v1.4.tar.gz