GitHub Repository: beefproject/beef
Path: blob/master/modules/misc/wordpress/upload_rce_plugin/config.yaml
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
    module:
        wordpress_upload_rce_plugin:
            enable: true
            category: Misc
            name: WordPress Upload RCE Plugin
            description: |
                This module attempts to upload and activate a malicious wordpress plugin, which will be hidden from the plugins list in the dashboard.
                Afterwards, the URI to trigger is: http://vulnerable-wordpress.site/wp-content/plugins/beefbind/beefbind.php,
                and the command to execute can be send by a POST-parameter named 'cmd', with a 'BEEF' header containing the value of the auth_key option.
                However, there are more stealthy ways to send the POST request to execute the command, depending on the target.
                CORS headers have been added to allow bidirectional crossorigin communication.
            authors: ['Bart Leppens', 'Erwan LR']
            target:
                working: ['ALL']
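
A defender-side check for the trigger URI named in the description, added here as an example and not part of the BeEF repository: it scans web server access logs for requests that reach the `beefbind` plugin directory, including path variants that normalize to it. The Combined Log Format, the constructed sample lines and the function names are assumptions; the 'cmd' parameter and the 'BEEF' header do not appear in standard access logs, so the match keys on the path.

```python
import posixpath
import re
from urllib.parse import unquote

# Plugin directory named in the module description above.
PLUGIN_DIR = "/wp-content/plugins/beefbind"
# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "OPTIONS /wp-content/plugins/beefbind/beefbind.php HTTP/1.1" 200 0',
    '203.0.113.7 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-content/plugins/beefbind/beefbind.php HTTP/1.1" 200 57',
    '198.51.100.9 - - [10/Jan/2025:10:05:00 +0000] "POST /blog//wp-content/plugins/%62eefbind/./beefbind.php?x=1 HTTP/1.1" 200 12',
    '192.0.2.44 - - [10/Jan/2025:10:06:00 +0000] "GET /wp-content/plugins/akismet/akismet.php HTTP/1.1" 403 0',
    '192.0.2.50 - - [10/Jan/2025:10:07:00 +0000] "GET /wp-content/plugins/beefbind/beefbind.php HTTP/1.1" 404 0',
]

def normalize_path(target):
    """Strip the query, percent-decode and canonicalize so path variants still match."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    path = re.sub(r"/{2,}", "/", path)       # collapse duplicate slashes
    return posixpath.normpath(path).lower()  # resolve "." and ".." segments

def scan(lines):
    """Return one finding per logged request that touches the plugin directory."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; ignore
        path = normalize_path(m["target"])
        if PLUGIN_DIR + "/" not in path + "/":
            continue  # some other path (also excludes e.g. "beefbind2")
        findings.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"], "path": path,
            # 2xx: the file exists and answered; 404: a probe that missed.
            "served": 200 <= int(m["status"]) < 300,
            # OPTIONS is the CORS preflight a browser sends before a
            # cross-origin POST that carries a custom header such as 'BEEF'.
            "preflight": m["method"] == "OPTIONS",
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set means the plugin file exists on disk even though the dashboard does not list it, so follow up by inspecting `wp-content/plugins/` on the filesystem rather than the admin UI.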