This is just a simple script that exploits a vulnerability in the WordPress plugin Advanced Access Manager before version 5.9.9.

CyberTuz/Advanced-Access-Manager-5.9.9-Exploit-file-download

Advanced Access Manager 5.9.9 Exploit File Download

This is just a simple script that exploits a vulnerability in the WordPress plugin Advanced Access Manager before version 5.9.9.
It downloads all the files present on the web server (the WordPress file system) to your computer. It takes as input a list of files to download, such as the wordpress.txt file, which contains the list of standard WordPress files.

Advanced Access Manager before Version 5.9.9 allows reading arbitrary files without checking whether a user is allowed to read the given file. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers. https://wpvulndb.com/vulnerabilities/9873
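For defenders, an added example (not part of this repository's script) that checks whether a local WordPress install carries a plugin version before 5.9.9 by reading the plugin's `Version:` header. The plugin directory name `advanced-access-manager`, the sample file name `aam.php` and all helper names are assumptions; the sample plugin file is constructed.

```python
import re
import sys
from pathlib import Path

FIXED = (5, 9, 9)  # versions before this one are affected, per the README
SLUG = "advanced-access-manager"  # assumption: plugin directory name
# Same leading characters WordPress tolerates before a header field name.
HEADER = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def parse_version(text):
    """'5.9.8.1' -> (5, 9, 8, 1); any suffix after the dotted digits is dropped."""
    return tuple(int(n) for n in re.findall(r"\d+", re.match(r"[\d.]*", text).group()))


def is_vulnerable(version):
    """Numeric, zero-padded comparison, so 5.9 == 5.9.0 and 5.10.0 > 5.9.9."""
    v = parse_version(version)
    return v + (0,) * (len(FIXED) - len(v)) < FIXED


def installed_version(wp_root):
    """Return the Version: header found in the plugin's PHP files, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        m = HEADER.search(php.read_bytes()[:8192])  # headers sit in the first 8 KB
        if m:
            return m.group(1).decode()
    return None


def audit(wp_root):
    """Classify one WordPress root as not-installed, vulnerable or patched."""
    version = installed_version(wp_root)
    if version is None:
        return "not-installed"
    return "vulnerable" if is_vulnerable(version) else "patched"


def make_sample(root, version):
    """Write a constructed plugin file (sample data, not the real plugin)."""
    d = Path(root) / "wp-content" / "plugins" / SLUG
    d.mkdir(parents=True, exist_ok=True)
    (d / "aam.php").write_text(f"<?php\n/**\n * Version: {version}\n */\n")


if __name__ == "__main__" and len(sys.argv) > 1:
    print(audit(sys.argv[1]))  # pass the WordPress root directory
```
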

You can use different lists of files to download, for example the plugin files, or to do some fuzzing on the web server.

I recommend that you launch it in an empty folder, because while it is running it also downloads the non-existent files, and only after it has finished does it delete the 0-bit files.

Need:

Python
pip install wget
pip install art

Obviously, it is for educational purposes only, and it's an extremely simple script; there are thousands of ways to do it better.
