~# n0tr00t Security Team

WordPress tags fuzz test - wct.py

01 May 2015 - ttys031

[+] Author: ttys031
[+] Team: n0tr00t security team 
[+] From: http://www.n0tr00t.com
[+] Create: 2015-05-01

wct.py (part1):

#!/usr/bin/env python
# coding=utf8
# team=n0tr00t
# [email protected]

import random
import string

def _tag():
    """Return the two tag lists the generator combines into test strings.

    Returns:
        A ``(tags, tag)`` pair. ``tags`` holds opening tags that carry an
        attribute whose value is the placeholder ``evil`` (the ``<a>`` entry
        also carries the placeholder ``papapa`` in its URL fragment); ``tag``
        holds bare opening tags with no attributes.
    """
    # NOTE(review): this set looks like the markup WordPress permits in
    # comments, so the sanitizer under test should be the comment filter;
    # confirm against the target's allowed-tags configuration.
    attribute_tags = [
        "<a href='http://n0tr00t.com/#papapa' title='evil'>",
        "<abbr title='evil'>",
        "<acronym title='evil'>",
        "<b evil>",
        "<blockquote cite='evil'>",
        "<cite cite='evil'>",
        "<code t='evil'>",
        "<del datetime='evil'>",
        "<em t='evil'>",
        "<q cite='evil'>",
    ]
    bare_tags = ["<li>", "<s>", "<strike>", "<b>", "<code>", "<hr>", "<tt>"]
    return attribute_tags, bare_tags

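def _str():
    """Build the attribute-value test strings and the escape-text table.

    Returns:
        A ``(_p, asc)`` pair. ``_p`` is a list of 20 strings shaped
        ``<index>:<6 random letters>_<sample>``, where the sample is drawn at
        random from a fixed list of oversized and punctuation-heavy values.
        ``asc`` is a list of 256 literal four-character texts, one per byte
        value: a backslash, ``x`` and two uppercase hex digits.
    """
    # Zero-padded formatting keeps every entry four characters wide. Slicing
    # hex(i)[-2:] yields "x5" for values below 16, so the first sixteen
    # entries used to come out as backslash-x-X-digit.
    asc = ['\\x{:02X}'.format(i) for i in range(256)]

    str_payload = [
        'AAAAAAAA' * 100000,    # ~800 KB: length handling
        'AAAAAAAAA' * 199999,   # ~1.8 MB: length handling
        # NOTE(review): looks like a UTF-16 surrogate pair written as raw
        # bytes; under Python 3 this is four code points, not bytes. Confirm
        # which interpretation the test needs.
        '\xD8\x34\xDF\x06',
        ')9\0a;"',              # contains a NUL character
        '*&":>?&*',
        '"436873d;12/\\',
        '|}{^\\/\\/' * 19999,   # same value as before, escapes spelled out
    ]
    letters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j']

    _p = []
    for s in range(20):
        # ''.join works on Python 2 and 3; string.join() exists only on 2.
        # The random marker makes each generated value traceable in output.
        random_str = ''.join(random.sample(letters, 6))
        _p.append('{flag}:{random_str}_{str_payload}'.format(
            flag=s,
            random_str=random_str,
            str_payload=random.choice(str_payload),
        ))
    return _p, asc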

def _main():
    """Combine the tag lists and test strings into numbered test cases.

    Every attribute-bearing tag is paired with every generated string, once
    followed by a random bare tag and once preceded by one. Each result is
    prefixed with ``xxxxx`` and then numbered from 1 as ``<n>|||<case>``.

    Returns:
        The list of numbered test-case strings.
    """
    fuzz_values, escapes = _str()
    attr_tags, bare_tags = _tag()

    combined = []
    for attr_tag in attr_tags:
        for value in fuzz_values:
            # Attribute tag first, bare tag after it.
            filled = attr_tag.replace("evil", value)
            combined.append('xxxxx{}{}'.format(filled, random.choice(bare_tags)))
            # Bare tag first, attribute tag after it.
            leading = random.choice(bare_tags)
            combined.append('xxxxx{}{}'.format(leading, attr_tag.replace("evil", value)))

    # Only the <a href> entry contains "papapa"; the substitution is a no-op
    # for the other tags, but one escape text is still drawn per case.
    return [
        '{}|||{}'.format(number, entry.replace("papapa", random.choice(escapes)))
        for number, entry in enumerate(combined, 1)
    ]

if __name__ == "__main__":
    # Builds the test-case list when run as a script. The returned list is
    # neither printed nor stored here, so running this part alone produces
    # no output.
    _main()