wpsploit Add wp_cm_download_manager

Add wp_cm_download_manager_exec.rb

Open wchen-r7 opened this issue 10 years ago • 6 comments

trafficstars

From: https://github.com/rapid7/metasploit-framework/pull/6096 by @all3g

Oct 16 '15 20:10 wchen-r7

Tks @wchen-r7 :+1:

@all3g Unfortunately this is not working for me. I'm using the vulnerable software you indicated.

exploit(wp_cm_download_manager_exec)  exploit 

[*] Started reverse handler on 10.10.10.10:4444 
[*] 10.10.10.20:80 - Uploading payload
[*] The server returned: 200 OK
[*] Exploit completed, but no session was created.

Oct 17 '15 18:10 espreto

Pleaes try http://demo-target/wordpress/cmdownloads/?CMDsearch=%22.phpinfo%28%29.%22 in your browser. It's ok for me.

Oct 18 '15 04:10 nixawk

Please check "WordPress Address (URL)" and "Site Address (URL)" in general settings, wordpress site should be accessed by others.

cm_download_manager

cm_download_manager_msfexploit

Oct 18 '15 05:10 nixawk

@all3g Yeah! Thank you! I will try again this week. :)

Oct 18 '15 23:10 espreto

@join-us I'm sorry for the long delay. I'm back. I'll test again. Thank you. :)

Jun 14 '16 02:06 espreto

@wchen-r7 Pleae see the pr given by me.

add wpvulndb reference url
use MetasploitModule as a class name

Jun 14 '16 04:06 nixawk

wpsploit wpsploit copied to clipboard

Add wp_cm_download_manager_exec.rb

wpsploit
wpsploit copied to clipboard