[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Smallbiz Themes Remote File Uploads Vulnerability
[+]
[+] Exploit Author: FullSecurity.org
[+]
[+] Discovered By: Milad Hacking
[+]
[+] Vendor Homepage : wordpress.org
[+]
[+] Date: 2016-02-09
[+]
[+] Tested on: Kali Linux / Iceweasel
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
Vulnerability Code
<?php
/*
Color Palette Generator v1.2
by Jeff Minard cpg (aht) jrm.cc
http://jrm.cc/
Please read and abide by the accompanying license:
gpl.txt
-or-
http://creativecommons.org/licenses/GPL/2.0/
*/
require("cpg.php"); // handle_upload(), get_image_list(), get_color_palette() etc. are defined here (not shown)

// Image name is taken straight from the query string; nothing in this file validates it.
if( $_GET['image'] ) // selected image from bookmark or get form
    $file = $_GET['image'];

// Any multipart POST carrying a "userfile" field is passed to handle_upload().
// No login, capability or nonce check happens in this file first, and the script
// is reachable directly under the theme directory (see the demo path below).
if( $_FILES['userfile']['tmp_name'] ) // Upload detected captain!
    handle_upload();

// Recommended Image Form Items
$recommended = get_image_list($rec_image_dir);
// User Submitted Image
$user_submitted = get_image_list($image_dir);
// Steps Form Options
$step_options = get_steps_list();
// Methods!
$method_options = get_method_list();

if( $file ) // hoooo buddy, process the image.
    $color_palette = get_color_palette($file);
?>
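Added here as a defender-side example; it is not part of the original advisory or of the palette script. It scans Apache/nginx combined-format access logs for POSTs to the palette/index.php entry point shown above (which hands every upload to handle_upload() with no authentication in this file) and for any PHP file later served from under the palette/ directory. The sample log lines are constructed, and the images/ subdirectory name is an assumption, since $image_dir is set in cpg.php rather than on this page.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

PALETTE_DIR = "/wp-content/themes/smallbiz/palette/"  # path from the advisory
SCRIPT_EXT = (".php", ".php5", ".phtml", ".phar")

def classify(line):
    """Return an alert tag for one access-log line, or None if it is benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # ignore the query string
    idx = path.find(PALETTE_DIR)              # WordPress may live in a subdirectory
    if idx == -1:
        return None
    rel = path[idx + len(PALETTE_DIR):]
    if m.group("method") == "POST" and rel == "index.php":
        return "upload_attempt"               # every POST reaches handle_upload()
    if rel != "index.php" and rel.lower().endswith(SCRIPT_EXT):
        return "script_under_palette"         # executable file served from the upload tree
    return None

def scan(lines):
    """Group alerts per source IP: {ip: [(tag, path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        tag = classify(line)
        if tag:
            m = LOG_RE.match(line)
            hits[m.group("ip")].append((tag, m.group("path"), int(m.group("status"))))
    return dict(hits)

# Constructed sample: normal theme traffic, one upload POST, then a script fetch.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Feb/2016:10:00:00 +0000] "GET /blog/wp-content/themes/smallbiz/style.css HTTP/1.1" 200 8231 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Feb/2016:10:00:01 +0000] "GET /blog/wp-content/themes/smallbiz/palette/index.php HTTP/1.1" 200 4110 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Feb/2016:10:00:02 +0000] "POST /blog/wp-content/themes/smallbiz/palette/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Feb/2016:10:00:03 +0000] "GET /blog/wp-content/themes/smallbiz/palette/images/a.php?x=1 HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Feb/2016:10:00:04 +0000] "GET /blog/wp-content/themes/smallbiz/palette/images/logo.png HTTP/1.1" 200 9012 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        print(ip, events)
```

A plain GET of index.php is left alone because that is ordinary use of the tool; only the upload POST and any script served from the upload tree are reported.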
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo :
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]
Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi
- irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t -
S4livan - MRS4JJ4D - SeCrEt_HaCkEr , Nazila Blackhat , Bl4ck_MohajeM , Xodiak
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]
Greetz to: My Lord Allah
https://telegram.me/thehacking
http://FullSecurity.org
milad.hacking.blackhat@Gmail.com
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]