infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update documentation

master
Jacob Robles 2019-04-15 07:06:27 -05:00
parent 562de86fc9
commit 5559de2458
No known key found for this signature in database
GPG Key ID: 3EC9F18F2B12401C
2 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
documentation/modules/auxiliary/admin/http/wp_google_maps_sqli.md
View File

@ -20,15 +20,14 @@ Change the table prefix. By default, this option is set to `wp_`.
## Scenarios
### wp-google-maps 7.11.17 on WordPress 5.1.1
### wp-google-maps 7.11.17 on WordPress 4.9.5
```
msf5 auxiliary(admin/http/wp_google_maps_sql_injection) > run
[*] Running module against 127.0.0.1
msf5 auxiliary(admin/http/wp_google_maps_sqli) > exploit
[*] Running module against 172.22.222.144
[*] 127.0.0.1:80 - Trying to retrieve the wp_users table...
[+] 127.0.0.1:80 - Found admin $P$Bbfp4csOlKV/XoKGjqViW1pWFzTlQz/ junk@junk.tld
[!] No active DB -- Credential data will not be saved!
[+] Credentials saved in: /home/user/.msf4/loot/2019(...).txt
[*] 172.22.222.144:80 - Trying to retrieve the wp_users table...
[+] Credentials saved in: /home/msfdev/.msf4/loot/20190415065921_default_172.22.222.144_wp_google_maps.j_022930.bin
[+] 172.22.222.144:80 - Found msfdev <hash> <email>
[*] Auxiliary module execution completed
```

2
modules/auxiliary/admin/http/wp_google_maps_sqli.rb
View File

@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
super(
'Name' => 'WordPress Google Maps Plugin SQL Injection',
'Description' => %q{
This module exploits a SQL injection vulnerability in the a REST endpoint
This module exploits a SQL injection vulnerability in a REST endpoint
registered by the WordPress plugin wp-google-maps between 7.11.00 and
7.11.17 (included).