Wordpress Smallbiz Themes Remote File Uploads Vulnerability

2016.02.08

Credit: FullSecurity.org

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:wp-content/themes/smallbiz/palette/index.php

 [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Smallbiz Themes Remote File Uploads Vulnerability
[+]
[+] Exploit Author: FullSecurity.org
[+]
[+] Discovered By: Milad Hacking
[+]
[+] Vendor Homepage : wordpress.org
[+]
[+] Date: 2016-02-09
[+]
[+] Tested on: Kali Linux / lceweasel
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
Vulnerability Code
<?php
/*
Color Palette Generator v1.2
by Jeff Minard cpg (aht) jrm.cc
http://jrm.cc/
Please read and abide by the accompanying license:
gpl.txt
-or-
http://creativecommons.org/licenses/GPL/2.0/
*/
require("cpg.php");
if( $_GET['image'] ) // selected image from bookmark or get form
$file = $_GET['image'];
if( $_FILES['userfile']['tmp_name'] ) // Upload detected captain!
handle_upload();
// Recommended Image Form Items
$recommended = get_image_list($rec_image_dir);
// User Submitted Image
$user_submitted = get_image_list($image_dir);
// Steps Form Options
$step_options = get_steps_list();
// Methods!
$method_options = get_method_list();
if( $file ) // hoooo buddy, process the image.
$color_palette = get_color_palette($file);
?>
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo :
http://www.performanceglass1.com/wp-content/themes/smallbiz/palette/index.php
http://www.divasmph.org/divasmph.com-redirect/test2/wp-content/themes/smallbiz/palette/index.php
http://www.invincibleczars.com/blog/wp-content/themes/smallbiz/palette/index.php
http://www.delamenardiere.com/art/wp-content/themes/smallbiz/palette/index.php
http://www.huntlaudistudio.com/void/wp-content/themes/smallbiz/palette/index.php
http://www.huntlaudistudio.com/void/wp-content/themes/smallbiz/palette/index.php
http://www.louisianarunning.com/wp-content/themes/smallbiz/palette/index.php
http://www.mikrofininvest.com/wp-content/themes/smallbiz/palette/index.php
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]
Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi
- irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t -
S4livan - MRS4JJ4D - SeCrEt_HaCkEr , Nazila Blackhat , Bl4ck_MohajeM , Xodiak
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]
Greetz to: My Lord Allah
https://telegram.me/thehacking
http://FullSecurity.org
milad.hacking.blackhat@Gmail.com
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

References:

https://telegram.me/thehacking

http://FullSecurity.org

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress Smallbiz Themes Remote File Uploads Vulnerability

Dork: inurl:wp-content/themes/smallbiz/palette/index.php

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.