-
The script defines the URL of the WordPress site that will be attacked.
-
Creates an XML string representing the malicious Pingback.
-
Defines the HTTP request headers.
-
Sends the POST request to the WordPress site (response).
-
Checks the response status code (response.status_code).
-
If the status code is 200, it returns the message that the vulnerability was successfully exploited.
-
Make sure you have Python 3+ installed on your computer.
-
Clone this repository to your computer:
git clone https://github.com/0x5FE/exploit_pingback_wordpress.git -
Navigate to the script folder:
cd exploit_pingback_wordpress
- requests
To install the requests library, run the following command in the terminal:
pip install requests
-
Error 404: The WordPress site URL is incorrect. Please check the URL and try again.
-
Error 500: Your WordPress site is experiencing problems. Try again later.
-
Import error: The requests library is not installed. Install the requests library and try again.
-
Use this script responsibly and ensure that you have proper authorization and consent before performing any security testing.
-
The author of this script are not responsible for any misuse, damage, or illegal activities caused by the use of this script. Use it at your own risk.
-
Exploitation of this vulnerability can cause damage to your WordPress website. Use this script with caution.
If you have any suggestions for improvements to this script, feel free to submit a pull request.