- This Python script exploits CVE-2024-27956, a vulnerability in Wordpress that allows for SQL Injection leading to Remote Code Execution (RCE).
- Multi-threaded Exploitation: Utilizes concurrent threads to exploit multiple Wordpress instances simultaneously.
- Dynamic Payload Injection: Constructs SQL queries dynamically to inject malicious code into vulnerable Wordpress installations.
- Detailed Logging and Error Handling: Uses colorama and coloredlogs for enhanced console output with color-coded messages.
- Python 3.x
- Required Python packages (requests, argparse, colorama, coloredlogs, concurrent.futures)\
- python exploit.py -f urls.txt [-t NUM_THREADS]
- -f, --file: File containing URLs/IPs of Wordpress instances, one per line.
- -t, --threads: Number of threads to use for concurrent requests (default: 5).
- Pari Malam