To gain access to the remote WordPress installation, we will do the following:
- From our earlier WPScan run, we know that the Spreadsheet plugin has a SQL injection vulnerability. Unfortunately, that scan was unable to enumerate users, so we will use this vulnerability to get the admin user information for this installation.
- From a command line, we will use the searchsploit tool to locate ways to exploit this vulnerability:
root@kali:~/Chapter9# searchsploit WordPress Plugin Spreadsheet 0.6 - SQL Injection
- The output indicates that exploit information is available in the file /usr/share/exploitdb/platforms/php/webapps/5486.txt. When we open this file, it contains an example ...
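For the defender's side of this step, the following added example (not part of the original text) scans web server access logs for SQL injection attempts against plugin endpoints that try to read WordPress user data. The plugin directory `example-plugin`, the `id` parameter, the rule names and the sample log lines are constructed placeholders, and the default `wp_` table prefix is assumed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (combined log format); the plugin
# directory "example-plugin" and the parameter "id" are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/load.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:02:10 +0000] "GET /wp-content/plugins/example-plugin/load.php?id=1%20UNION%20SELECT%20user_login,user_pass%20FROM%20wp_users HTTP/1.1" 200 734 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2024:10:02:15 +0000] "GET /wp-content/plugins/example-plugin/load.php?id=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1%2Cuser_pass%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users HTTP/1.1" 200 734 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:10:03:00 +0000] "GET /?s=student+union+select+committee HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PLUGIN = re.compile(r'^/wp-content/plugins/([^/]+)/')
RULES = {  # assumes the default "wp_" table prefix
    "union-select": re.compile(r'\bunion\s+(?:all\s+)?select\b'),
    "wp-user-table": re.compile(r'\bwp_users\b|\buser_(?:login|pass)\b'),
}

def normalize(query):
    """Undo nested URL encoding and SQL comment padding before matching."""
    for _ in range(3):  # up to three layers of percent-encoding
        query = unquote_plus(query)
    query = re.sub(r'/\*.*?\*/', ' ', query.lower())
    return re.sub(r'\s+', ' ', query)

def find_sqli_probes(log_text):
    """Return (client_ip, plugin_dir, matched_rules) for suspicious plugin requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        plugin = PLUGIN.match(url.path)
        if not plugin or not url.query:
            continue  # only requests to plugin endpoints with a query string
        query = normalize(url.query)
        matched = sorted(name for name, rx in RULES.items() if rx.search(query))
        if matched:
            hits.append((ip, plugin.group(1), matched))
    return hits

if __name__ == "__main__":
    for hit in find_sqli_probes(SAMPLE_LOG):
        print(hit)
```

The fourth sample line is a benign site search containing the words "union select"; it is not flagged because matching is scoped to plugin paths.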