Share
## https://sploitus.com/exploit?id=WPEX-ID:36CED447-84EA-4162-80D2-6DF226CB53CB
1. Make sure to configure the plugin so Authors can access its settings
2. Create a new slider.
3. Save and export the slider.
4. Unzip the slider.
5. Create custom_animations.txt file.
6. Use phpggc WordPress/RCE2 to generate deserialization payload with the following command.
 ./phpggc WordPress/RCE2 system "touch /var/www/html/pwned.txt"
7. Copy the serialized payload to custom_animations.txt
8. Zip the slider_export.txt and custom_animations.txt.
9. On the site, go to Slider Revolution > Overview.
10. Click on "Manual Import" and upload your zip file. Ignore the import error if any.
11. Visit the site/pwned.txt and notice that the file has been created confirming RCE.