Share
## https://sploitus.com/exploit?id=5739D5A1-7313-52D4-9680-266CE5BD12E1
# Wordpress SQLI-2-RCE Exploit
- This Python script exploits CVE-2024-27956, a vulnerability in Wordpress that allows for SQL Injection leading to Remote Code Execution (RCE).
# Features
- Multi-threaded Exploitation: Utilizes concurrent threads to exploit multiple Wordpress instances simultaneously.
- Dynamic Payload Injection: Constructs SQL queries dynamically to inject malicious code into vulnerable Wordpress installations.
- Detailed Logging and Error Handling: Uses colorama and coloredlogs for enhanced console output with color-coded messages.
# Requirements
- Python 3.x
- Required Python packages (requests, argparse, colorama, coloredlogs, concurrent.futures)\
# Usage
- python exploit.py -f urls.txt [-t NUM_THREADS]
- -f, --file: File containing URLs/IPs of Wordpress instances, one per line.
- -t, --threads: Number of threads to use for concurrent requests (default: 5).
# Author
- Pari Malam