exploiter# CVE-2014-4725 mailpoet exploitation tool
this script is used to scan and exploit the cve-2014-4725 vulnerability (mailpoet/wysija newsletters) in wordpress.
## features
- scan mode > detect wordpress targets vulnerable to cve-2014-4725
- exploit mode > upload a zip payload to vulnerable targets
## installation
1. clone the repository:
```
git clone https://github.com/username/CVE-2014-4725.git
cd CVE-2014-4725
2. install dependencies:
```
pip install requests
## usage
scan targets
python exploit.py --scan targets.txt
targets.txt contains a list of targets (one per line, without http://)
exploit targets
python exploit.py --exploit vuln.txt --payload file/zip.zip
vuln.txt contains targets that are already confirmed vulnerable
--payload is the zip file containing the theme/backdoor to be uploaded
output
vuln.txt > list of vulnerable targets
shell.txt > urls of uploaded shells
[4.0K] /data/pocs/7a41f9dfe1709d5ef86739272a7611cd14421bff
├── [3.9K] exploit.py
├── [4.0K] file
│ └── [ 169] ZIP.zip
├── [4.0K] pwdnx
│ ├── [ 10] exploited.php
│ └── [1.2K] __init__.pyc
└── [ 920] README.md
2 directories, 5 files