Xss2shell
Tool for abusing XSS vulnerabilities on WordPress and Joomla! installations
XSS2SHELL v3
Changelog:
- v3 - "Hello Dolly" plugin is now used for backdooring WP; themes are no longer used.
- v2 - Added Joomla support

Videos:
- Exploiting CVE-2014-9031 with XSS2SHELL (V3): http://youtu.be/hRIuaLQfOhs
- XSS2SHELL - Video Walkthrough & Introduction (V1): http://youtu.be/-EGUfPgK_lw
XSS2SHELL is a piece of software that gives you instant PHP code execution on WordPress and Joomla! installations via XSS vulnerabilities. The tool is designed to operate as follows:
- The user generates a JavaScript payload using the Python builder
- The user uploads the payload and injects it into an existing XSS vulnerability
- The payload is triggered by a WP/Joomla! admin, and the attacker's PHP is evaluated
Some notes:
- The WordPress payload is always saved to "/wp-content/plugins/hello.php"
- The Joomla! payload is always saved to "/administrator/templates/isis/pay.php"
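
The two fixed paths in the notes above can be used as host-side indicators. The following Python check is an added example, not part of the XSS2SHELL project; the function names, the baseline-hash parameter and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Fixed drop paths stated in the README notes above.
WP_DROP = "wp-content/plugins/hello.php"
JOOMLA_DROP = "administrator/templates/isis/pay.php"


def check_webroot(webroot, baseline_hello_sha256=None):
    """Return a list of (path, reason) findings for one web root.

    baseline_hello_sha256 is an assumption of this example: the SHA-256 of
    hello.php taken from a trusted copy of the same WordPress release.
    """
    root = Path(webroot)
    findings = []
    hello = root / WP_DROP
    if hello.is_file():
        digest = hashlib.sha256(hello.read_bytes()).hexdigest()
        if baseline_hello_sha256 is None:
            findings.append((WP_DROP, "present, no baseline to compare"))
        elif digest != baseline_hello_sha256.lower():
            findings.append((WP_DROP, "hash differs from baseline"))
    pay = root / JOOMLA_DROP
    if pay.is_file():
        # Assumption: pay.php is not expected here; confirm against a clean install.
        findings.append((JOOMLA_DROP, "file exists at the tool's drop path"))
    return findings


def demo():
    """Build a constructed web root in a temp dir and run the check on it."""
    clean = b"<?php /* constructed stand-in for stock hello.php */\n"
    baseline = hashlib.sha256(clean).hexdigest()
    samples = ((WP_DROP, clean + b"// altered\n"), (JOOMLA_DROP, b"<?php\n"))
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in samples:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        return check_webroot(root, baseline)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

A legitimate plugin update also changes the hash of hello.php, so take the baseline from the same release that is installed.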
Feel free to contribute to this repo by reporting bugs or making productive pull requests.
