CVE-2015-1579 PoC — WordPress Elegant Themes Divi主题目录遍历漏洞

Source

Associated Vulnerability

Description

[discontinued] Mass exploiter of CVE-2015-1579 for WordPress CMS

Readme

# WordPressMassExploiter
Mass exploiter of CVE-2015-1579 for WordPress CMS




This mass exploiter is based on CVE-2015-1579, discovered by CLAUDIO VIVIANI (https://www.exploit-db.com/exploits/36554/)


How it works:

1 - I use Selenium Framework to make the search on google.

2 - The results of search, are parsed and links are stored into wordpressAFD_results.txt file.

3 - The fuzzer() & download_wp_config() try download wp-config from all targets.


Exemple of using the tool:

$ python wordpressCVE-2015-1579.py --dork='revslider.php "index of"'

$ python wordpressCVE-2015-1579.py --dork='revslider.php "index of"' --period=lastYear (See options for this parameter on --help)


*OBS[1]: You can change the country of google search, the default is .com.br. BUT you won't be able to use --period parameter

*OBS[2]: INSTALL ALL DEPENDENCYS... (selenium beautifulsoup4 requests docopt tqdm python-nmap .... I don't remember all :D)

File Snapshot

 [4.0K]  /data/pocs/ccc4e23bf25dfe2a4b13b5f1f40c06308242b136
├── [ 940]  README.md
└── [ 12K]  wordpressCVE-2015-1579.py

0 directories, 2 files

Remarks