##########################################################################
# Exploit Title : WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 06/03/2019
# Vendor Homepage : foodnetwork.com.br
# Information Link : themetix.com/webfatorial-foodnetwork/
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
##########################################################################
# Impact :
***********
WordPress WebFatorial-FoodNetwork Themes is prone to an arbitrary
file upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the
affected computer; this can result in arbitrary code execution within the
context of the vulnerable application. Weaknesses in this category are related to the
management of permissions, privileges, and other security features that
are used to perform access control.
##########################################################################
# Exploit :
*********
/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
# Directory File Path :
********************
/wp-content/uploads/[YEAR]/[MONTH]/.....
Note : Search for reasonable file path.
##########################################################################
# Example Vulnerable Site :
*************************
[+] foodnetwork.com.br/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
##########################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
##########################################################################