SHARE
TWEET

WordPress Vulnerability Scanner by N45HT

choirurrizal Oct 20th, 2017 1,323 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. # ShinChan - N45HT - N45HT.WEB.ID
  3. # fb.com/angelia.put - fb.com/ShinChan.admin - fb.com/N45HTOfficial - fb.com/groups/N45HTOfficial
  4. # shinchan0x1945@gmail.com
  5.  
  6. # WordPress Vulnerability Scanner - coded by ShinChan | copyright ShinChan@2017#
  7.  
  8. echo "
  9.  ___  _  _  __  _  _  __  _  _   __   _  _     _    _  ____  ___
  10. / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( )   ( \/\/ )(_  _)(  _)
  11. \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (  ___\    /   )(   ) _)
  12. (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/   (__) (_)  
  13.      WordPress Vulnerability Scanner - coded by ShinChan
  14.  
  15.     Thanks to :  PETR03X - Comod0x - SCYTHE404_LOL - Grav3
  16.                        All Members N45HT
  17.  
  18.  
  19. ";
  20. echo "Input your target (ex:victim.com) : ";
  21. $target = trim(fgets(STDIN));
  22. $totalvuln = "0";
  23. $totalnotvuln = "0";
  24.  
  25. if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
  26.     $targets = "http://$target";
  27. }else{
  28.     $targets = $target;
  29. }
  30.  
  31. echo "\n[~] Scanning => $targets";
  32.  
  33. /* Exploit WordPress Plugin Work The Flow File Upload 2.5.2 - ShinChan - N45HT */
  34. echo "\n\n[+] Testing Exploit WordPress Plugin Work The Flow File Upload 2.5.2";
  35. $urlwtf = "$targets/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php";
  36. $curlwtf = curl_init();
  37. curl_setopt($curlwtf, CURLOPT_URL, $urlwtf);
  38. curl_setopt($curlwtf, CURLOPT_FOLLOWLOCATION, 1);
  39. curl_setopt($curlwtf, CURLOPT_RETURNTRANSFER, 1);
  40. $response = curl_exec($curlwtf);
  41. $httpCode = curl_getinfo($curlwtf, CURLINFO_HTTP_CODE);
  42. curl_close($curlwtf);
  43. if($httpCode == 200){
  44.     echo "\n    > Result : 200 ok";
  45.     echo "\n    > Exploit : WordPress Plugin Work The Flow File Upload 2.5.2";
  46.     echo "\n    > Tutorial : http://skamason.com/7IBw\n";
  47.     $totalvuln = $totalvuln + 1;
  48. }else{
  49.     echo "\n    > Result : 404";
  50.     echo "\n    > Not Vulnerable";
  51.     $totalnotvuln = $totalnotvuln + 1;
  52. }
  53. /* Exploit WordPress Plugin Work The Flow File Upload 2.5.2 - ShinChan - N45HT */
  54.  
  55. /* Exploit WordPress mTheme-Unus Local File Inclusion - ShinChan - N45HT */
  56. echo "\n\n[+] Testing Exploit WordPress mTheme-Unus Local File Inclusion";
  57. $urltu = "$targets/wp-content/themes/mTheme-Unus/css/css.php";
  58. $curltu = curl_init();
  59. curl_setopt($curltu, CURLOPT_URL, $urltu);
  60. curl_setopt($curltu, CURLOPT_FOLLOWLOCATION, 1);
  61. curl_setopt($curltu, CURLOPT_RETURNTRANSFER, 1);
  62. $response = curl_exec($curltu);
  63. $httpCode = curl_getinfo($curltu, CURLINFO_HTTP_CODE);
  64. curl_close($curltu);
  65. if($httpCode == 200){
  66.     echo "\n    > Result : 200 ok";
  67.     echo "\n    > Exploit : WordPress mTheme-Unus Local File Inclusion";
  68.     echo "\n    > Tutorial : http://skamason.com/7IPO\n";
  69.     $totalvuln = $totalvuln + 1;
  70. }else{
  71.     echo "\n    > Result : 404";
  72.     echo "\n    > Not Vulnerable";
  73.     $totalnotvuln = $totalnotvuln + 1;
  74. }
  75. /* Exploit WordPress mTheme-Unus Local File Inclusion - ShinChan - N45HT */
  76.  
  77. /* Exploit WordPress Job-Manager - ShinChan - N45HT */
  78. echo "\n\n[+] Testing Exploit WordPress Job-Manager";
  79. $urljm = "$targets/jm-ajax/upload_file";
  80. $curljm = curl_init();
  81. curl_setopt($curljm, CURLOPT_URL, $urljm);
  82. curl_setopt($curljm, CURLOPT_FOLLOWLOCATION, 1);
  83. curl_setopt($curljm, CURLOPT_RETURNTRANSFER, 1);
  84. $response = curl_exec($curljm);
  85. $httpCode = curl_getinfo($curljm, CURLINFO_HTTP_CODE);
  86. curl_close($curljm);
  87. if($httpCode == 200){
  88.     echo "\n    > Result : 200 ok";
  89.     echo "\n    > Exploit : WordPress Job-Manager";
  90.     echo "\n    > Tutorial : http://skamason.com/7IUS\n";
  91.     $totalvuln = $totalvuln + 1;
  92. }else{
  93.     echo "\n    > Result : 404";
  94.     echo "\n    > Not Vulnerable";
  95.     $totalnotvuln = $totalnotvuln + 1;
  96. }
  97. /* Exploit WordPress Job-Manager - ShinChan - N45HT */
  98.  
  99. /* Exploit WordPress Plugin Gallery 3.06 - Arbitrary File Upload - ShinChan - N45HT */
  100. echo "\n\n[+] Testing Exploit WordPress Plugin Gallery 3.06 - Arbitrary File Upload";
  101. $urlpg = "$targets/wp-content/plugins/gallery-plugin/upload/php.php";
  102. $curlpg = curl_init();
  103. curl_setopt($curlpg, CURLOPT_URL, $urlpg);
  104. curl_setopt($curlpg, CURLOPT_FOLLOWLOCATION, 1);
  105. curl_setopt($curlpg, CURLOPT_RETURNTRANSFER, 1);
  106. $response = curl_exec($curlpg);
  107. $httpCode = curl_getinfo($curlpg, CURLINFO_HTTP_CODE);
  108. curl_close($curlpg);
  109. if($httpCode == 200){
  110.     echo "\n    > Result : 200 ok";
  111.     echo "\n    > Exploit : WordPress Plugin Gallery 3.06 - Arbitrary File Upload";
  112.     echo "\n    > Tutorial : http://skamason.com/7IVq\n";
  113.     $totalvuln = $totalvuln + 1;
  114. }else{
  115.     echo "\n    > Result : 404";
  116.     echo "\n    > Not Vulnerable";
  117.     $totalnotvuln = $totalnotvuln + 1;
  118. }
  119. /* Exploit WordPress Plugin Gallery 3.06 - Arbitrary File Upload - ShinChan - N45HT */
  120.  
  121. /* Exploit WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload - ShinChan - N45HT */
  122. echo "\n\n[+] Testing Exploit WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload";
  123. $urlppg = "$targets/wp-admin/admin-ajax.php?action=bwg_UploadHandler&dir=rce/";
  124. $curlppg = curl_init();
  125. curl_setopt($curlppg, CURLOPT_URL, $urlppg);
  126. curl_setopt($curlppg, CURLOPT_FOLLOWLOCATION, 1);
  127. curl_setopt($curlppg, CURLOPT_RETURNTRANSFER, 1);
  128. $response = curl_exec($curlppg);
  129. $httpCode = curl_getinfo($curlppg, CURLINFO_HTTP_CODE);
  130. curl_close($curlppg);
  131. if($httpCode == 200){
  132.     echo "\n    > Result : 200 ok";
  133.     echo "\n    > Exploit : WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload";
  134.     echo "\n    > Tutorial : http://skamason.com/7IXX\n";
  135.     $totalvuln = $totalvuln + 1;
  136. }else{
  137.     echo "\n    > Result : 404";
  138.     echo "\n    > Not Vulnerable";
  139.     $totalnotvuln = $totalnotvuln + 1;
  140. }
  141. /* Exploit WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload - ShinChan - N45HT */
  142.  
  143. /* Exploit WordPress 4.7.0/4.7.1 Content Injection - ShinChan - N45HT */
  144. echo "\n\n[+] Testing Exploit WordPress 4.7.0/4.7.1 Content Injection";
  145. $urlci = "$targets/wp-json/wp/v2/posts";
  146. $curlci = curl_init();
  147. curl_setopt($curlci, CURLOPT_URL, $urlci);
  148. curl_setopt($curlci, CURLOPT_FOLLOWLOCATION, 1);
  149. curl_setopt($curlci, CURLOPT_RETURNTRANSFER, 1);
  150. $response = curl_exec($curlci);
  151. $httpCode = curl_getinfo($curlci, CURLINFO_HTTP_CODE);
  152. curl_close($curlci);
  153. if($httpCode == 200){
  154.     echo "\n    > Result : 200 ok";
  155.     echo "\n    > Exploit : WordPress 4.7.0/4.7.1 Content Injection";
  156.     echo "\n    > Tutorial : http://skamason.com/7IcE or http://skamason.com/7IeF\n";
  157.     $totalvuln = $totalvuln + 1;
  158. }else{
  159.     echo "\n    > Result : 404";
  160.     echo "\n    > Not Vulnerable";
  161.     $totalnotvuln = $totalnotvuln + 1;
  162. }
  163. /* Exploit WordPress 4.7.0/4.7.1 Content Injection - ShinChan - N45HT */
  164.  
  165. /* Exploit WordPress 4.7.0/4.7.1 Username Enumeration - ShinChan - N45HT */
  166. echo "\n\n[+] Testing Exploit WordPress 4.7.0/4.7.1 Username Enumeration";
  167. $urlue = "$targets/wp-json/wp/v2/users";
  168. $curlue = curl_init();
  169. curl_setopt($curlue, CURLOPT_URL, $urlue);
  170. curl_setopt($curlue, CURLOPT_FOLLOWLOCATION, 1);
  171. curl_setopt($curlue, CURLOPT_RETURNTRANSFER, 1);
  172. $response = curl_exec($curlue);
  173. $httpCode = curl_getinfo($curlue, CURLINFO_HTTP_CODE);
  174. curl_close($curlue);
  175. if($httpCode == 200){
  176.     echo "\n    > Result : 200 ok";
  177.     echo "\n    > Exploit : WordPress 4.7.0/4.7.1 Username Enumeration";
  178.     echo "\n    > Tutorial : http://skamason.com/7J0E\n";
  179.     $totalvuln = $totalvuln + 1;
  180. }else{
  181.     echo "\n    > Result : 404";
  182.     echo "\n    > Not Vulnerable";
  183.     $totalnotvuln = $totalnotvuln + 1;
  184. }
  185. /* Exploit WordPress 4.7.0/4.7.1 Username Enumeration - ShinChan - N45HT */
  186.  
  187. /* Exploit WordPress Gravity Form Arbitrary File Upload - ShinChan - N45HT */
  188. echo "\n\n[+] Testing Exploit WordPress Gravity Form Arbitrary File Upload";
  189. $urlgf = "$targets/index.php?gf_page=upload";
  190. $curlgf = curl_init();
  191. curl_setopt($curlgf, CURLOPT_URL, $urlgf);
  192. curl_setopt($curlgf, CURLOPT_FOLLOWLOCATION, 1);
  193. curl_setopt($curlgf, CURLOPT_RETURNTRANSFER, 1);
  194. $response = curl_exec($curlgf);
  195. $httpCode = curl_getinfo($curlgf, CURLINFO_HTTP_CODE);
  196. curl_close($curlgf);
  197. if($httpCode == 200){
  198.     echo "\n    > Result : 200 ok";
  199.     echo "\n    > Exploit : WordPress Gravity Form Arbitrary File Upload";
  200.     echo "\n    > Tutorial : http://skamason.com/7ItP\n";
  201.     $totalvuln = $totalvuln + 1;
  202. }else{
  203.     echo "\n    > Result : 404";
  204.     echo "\n    > Not Vulnerable";
  205.     $totalnotvuln = $totalnotvuln + 1;
  206. }
  207. /* Exploit WordPress Gravity Form Arbitrary File Upload - ShinChan - N45HT */
  208.  
  209. /* Exploit WordPress Plugin ACF Frontend Display 2.0.5 - ShinChan - N45HT */
  210. echo "\n\n[+] Testing Exploit WordPress Plugin ACF Frontend Display 2.0.5";
  211. $urlacffd = "$targets/wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php";
  212. $curlacffd = curl_init();
  213. curl_setopt($curlacffd, CURLOPT_URL, $urlacffd);
  214. curl_setopt($curlacffd, CURLOPT_FOLLOWLOCATION, 1);
  215. curl_setopt($curlacffd, CURLOPT_RETURNTRANSFER, 1);
  216. $response = curl_exec($curlacffd);
  217. $httpCode = curl_getinfo($curlacffd, CURLINFO_HTTP_CODE);
  218. curl_close($curlacffd);
  219. if($httpCode == 200){
  220.     echo "\n    > Result : 200 ok";
  221.     echo "\n    > Exploit : WordPress Plugin ACF Frontend Display 2.0.5";
  222.     echo "\n    > Tutorial : http://skamason.com/7IkS\n";
  223.     $totalvuln = $totalvuln + 1;
  224. }else{
  225.     echo "\n    > Result : 404";
  226.     echo "\n    > Not Vulnerable";
  227.     $totalnotvuln = $totalnotvuln + 1;
  228. }
  229. /* Exploit WordPress Plugin ACF Frontend Display 2.0.5 - ShinChan - N45HT */
  230.  
  231. /* Exploit Wordpress Infocus3 Theme Arbitrary File Download Vulnerability - ShinChan - N45HT */
  232. echo "\n\n[+] Testing Exploit Wordpress Infocus3 Theme Arbitrary File Download Vulnerability";
  233. $urlifafd = "$targets/wp-content/themes/infocus3/lib/scripts/dl-skin.php";
  234. $curlifafd = curl_init();
  235. curl_setopt($curlifafd, CURLOPT_URL, $urlifafd);
  236. curl_setopt($curlifafd, CURLOPT_FOLLOWLOCATION, 1);
  237. curl_setopt($curlifafd, CURLOPT_RETURNTRANSFER, 1);
  238. $response = curl_exec($curlifafd);
  239. $httpCode = curl_getinfo($curlifafd, CURLINFO_HTTP_CODE);
  240. curl_close($curlifafd);
  241. if($httpCode == 200){
  242.     echo "\n    > Result : 200 ok";
  243.     echo "\n    > Exploit : Wordpress Infocus3 Theme Arbitrary File Download Vulnerability";
  244.     echo "\n    > Tutorial : http://skamason.com/7Imr\n";
  245.     $totalvuln = $totalvuln + 1;
  246. }else{
  247.     echo "\n    > Result : 404";
  248.     echo "\n    > Not Vulnerable";
  249.     $totalnotvuln = $totalnotvuln + 1;
  250. }
  251. /* Exploit Wordpress Infocus3 Theme Arbitrary File Download Vulnerability - ShinChan - N45HT */
  252.  
  253. /* Exploit WP Install Vulnerability - ShinChan - N45HT */
  254. echo "\n\n[+] Testing Exploit WP Install Vulnerability";
  255. $urlwpiv = "$targets/wp-admin/install.php";
  256. $curlwpiv = curl_init();
  257. curl_setopt($curlwpiv, CURLOPT_URL, $urlwpiv);
  258. curl_setopt($curlwpiv, CURLOPT_FOLLOWLOCATION, 1);
  259. curl_setopt($curlwpiv, CURLOPT_RETURNTRANSFER, 1);
  260. $response = curl_exec($curlwpiv);
  261. $httpCode = curl_getinfo($curlwpiv, CURLINFO_HTTP_CODE);
  262. curl_close($curlwpiv);
  263. if($httpCode == 200){
  264.     echo "\n    > Result : 200 ok";
  265.     echo "\n    > Exploit : WP Install Vulnerability";
  266.     echo "\n    > Tutorial : http://skamason.com/7Iri\n";
  267.     $totalvuln = $totalvuln + 1;
  268. }else{
  269.     echo "\n    > Result : 404";
  270.     echo "\n    > Not Vulnerable";
  271.     $totalnotvuln = $totalnotvuln + 1;
  272. }
  273. /* Exploit WP Install Vulnerability - ShinChan - N45HT */
  274.  
  275. /* Exploit WordPress Product Options For WooCommerce Plugin File Upload - ShinChan - N45HT */
  276. echo "\n\n[+] Testing Exploit WordPress Product Options For WooCommerce Plugin File Upload";
  277. $urlpofw = "$targets/wp-content/plugins/woocommerce-product-options/includes/image-upload.php";
  278. $curlpofw = curl_init();
  279. curl_setopt($curlpofw, CURLOPT_URL, $urlpofw);
  280. curl_setopt($curlpofw, CURLOPT_FOLLOWLOCATION, 1);
  281. curl_setopt($curlpofw, CURLOPT_RETURNTRANSFER, 1);
  282. $response = curl_exec($curlpofw);
  283. $httpCode = curl_getinfo($curlpofw, CURLINFO_HTTP_CODE);
  284. curl_close($curlpofw);
  285. if($httpCode == 200){
  286.     echo "\n    > Result : 200 ok";
  287.     echo "\n    > Exploit : WordPress Product Options For WooCommerce Plugin File Upload";
  288.     echo "\n    > Tutorial : http://skamason.com/7IxS\n";
  289.     $totalvuln = $totalvuln + 1;
  290. }else{
  291.     echo "\n    > Result : 404";
  292.     echo "\n    > Not Vulnerable";
  293.     $totalnotvuln = $totalnotvuln + 1;
  294. }
  295. /* Exploit WordPress Product Options For WooCommerce Plugin File Upload - ShinChan - N45HT */
  296.  
  297. echo "\n\n [x] Result :";
  298. echo "\n    [~] Total Vulnerability = $totalvuln";
  299. echo "\n    [~] Total Not Vulnerability = $totalnotvuln\n\n";
  300. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top