WPXF updates - WordPress Exploit Framework.

Latest change 25/4/2016:
+ Exploit:
— Add Easy Contact Form Builder reflected XSS module
— Add FAQ WD reflected XSS shell upload module
— Add Infusionsoft Gravity Forms reflected XSS module
— Add leenk.me reflected XSS shell upload module
— Add Tidio Gallery reflected XSS module
— Add WPSOLR reflected XSS module
— Add Whizz reflected XSS module
— Add Simpel Reserveren reflected XSS shell upload module
+ Auxiliary:
— Add Memphis Documents Library arbitrary file download module

WordPress Exploit Framework (WPXF) is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress-powered websites and systems.

What payloads are available?
+ bind_php: uploads a script that will bind to a specific port and allow WPXF to establish a remote shell.
+ custom: uploads and executes a custom PHP script.
+ download_exec: downloads and runs a remote executable file.
+ exec: runs a shell command on the remote server and returns the output to the WPXF session.
+ reverse_tcp: uploads a script that will establish a reverse TCP shell.

What is the difference between auxiliary and exploit modules?
+ Auxiliary modules do not allow you to run payloads on the target machine, but instead allow you to extract information from the target, escalate privileges or provide denial of service functionality.

+ Exploit modules require you to specify a payload which subsequently gets executed on the target machine, allowing you to run arbitrary code to extract information from the machine, establish a remote shell or anything else that you want to do within the context of the web server.

Usage

Source: http://www.getwpxf.com/